CVE-2021-26822

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

9.9%

top 7.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Teachers Record Management System

Timeline

PublishedFeb 15

Latest updateMay 24

Description

Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDphpgurukul/teachers_record_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-fvqh-qwm3-5j87: Teachers Record Management System 1↗2022-05-24

▶

CVEList

CVE-2021-26822: Teachers Record Management System 1↗2021-02-15

▶