ГлавнаяУязвимости → CVE-2021-47956
8.2высокая

CVE-2021-47956

Описание

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive database information.

CVSS
Балл8.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Источники
https://egavilanmedia.comhttps://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/https://www.exploit-db.com/exploits/49878https://www.vulncheck.com/advisories/egavilanmedia-phpcrud-sql-injection-via-firstname