CVE-2021-37806SQL Injection in Vehicle Parking Management System

CWE-89SQL Injection3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.4%
top 39.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Vehicle Parking Management System
Timeline
PublishedOct 27
Latest updateMay 24

Description

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-pjg8-5h4c-gp9h: An SQL Injection vulnerability exists in https://phpgurukul2022-05-24
CVEList
CVE-2021-37806: An SQL Injection vulnerability exists in https://phpgurukul2021-10-27
CVE-2021-37806 — SQL Injection | cvebase