CVE-2021-44653
Published 2021-12-15
Priority P262 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 5.97% (92.4th percentile)
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form, allowing an attacker to gain access to the application as admin.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oretnom23 | online_magazine_management_system | — | — |
Detection & IOCs (extracted from sources)
- Detect POST requests to /magazines/classes/Login.php with the query parameter f=login containing SQL injection payloads in the username field (e.g., `' or 1=1 limit 1 -- -`).
- Monitor for the `X-Requested-With: XMLHttpRequest` header combined with POST requests to the Login.php endpoint, which is the expected attack delivery mechanism.
- Alert on POST body content matching URL-encoded SQL bypass patterns such as `%27+or+1%3D1` or the equivalent decoded form `' or 1=1` targeting the username parameter on the login endpoint.
- The exploit was tested on Ubuntu with the application hosted at the /magazines/ web root path; deployments at different base paths will require adjusted detection signatures.
- The vulnerable software is version 1.0 only; verify the installed version before applying detections to avoid false positives on patched instances.
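The detections listed above can be combined into one check, shown here as an added example that is not code from this page or from the referenced sources. It goes beyond the single quoted payload to general tautology and quote-plus-comment patterns; the function names, the path-suffix match and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: match on the script suffix so base paths other than /magazines/ are covered.
LOGIN_SUFFIX = "/classes/Login.php"
# Quote, then OR/AND, then a self-equal comparison such as 1=1 or 'a'='a'.
TAUTOLOGY = re.compile(r"""['"]\s*(?:or|and)\s+['"]?(\w+)['"]?\s*=\s*['"]?\1\b""", re.I)
# Quote followed later by a SQL comment opener (--, # or /*).
QUOTE_COMMENT = re.compile(r"""['"][^'"]*(?:--|#|/\*)""")


def inspect_login_request(method, url, headers, body):
    """Return the reasons a request resembles the login bypass; empty list if none."""
    parts = urlsplit(url)
    if method.upper() != "POST" or not parts.path.endswith(LOGIN_SUFFIX):
        return []
    if parse_qs(parts.query).get("f") != ["login"]:
        return []
    reasons = []
    # parse_qs URL-decodes the form body, so %27+or+1%3D1 becomes ' or 1=1.
    for value in parse_qs(body, keep_blank_values=True).get("username", []):
        if TAUTOLOGY.search(value):
            reasons.append("tautology in username")
        if QUOTE_COMMENT.search(value):
            reasons.append("quote followed by SQL comment in username")
    # The header is not treated as a signal on its own; it is recorded only with a payload match.
    lowered = {k.lower(): v for k, v in headers.items()}
    if reasons and lowered.get("x-requested-with") == "XMLHttpRequest":
        reasons.append("sent as XMLHttpRequest")
    return reasons


# Constructed sample requests (method, URL, headers, body); not captured traffic.
SAMPLES = [
    ("POST", "/magazines/classes/Login.php?f=login",
     {"X-Requested-With": "XMLHttpRequest"},
     "username=%27+or+1%3D1+limit+1+--+-&password=x"),
    ("POST", "/magazines/classes/Login.php?f=login",
     {"X-Requested-With": "XMLHttpRequest"}, "username=admin&password=hunter2"),
    ("POST", "/magazines/classes/Login.php?f=login", {}, "username=o%27brien&password=pw"),
    ("GET", "/magazines/classes/Login.php?f=login", {}, ""),
]


def scan(samples):
    """Return the indexes of the samples that were flagged."""
    return [i for i, s in enumerate(samples) if inspect_login_request(*s)]


if __name__ == "__main__":
    for i in scan(SAMPLES):
        print(i, inspect_login_request(*SAMPLES[i]))
```

Decoding the body before matching is what lets one pattern cover both the URL-encoded and the plain form of the payload.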
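CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |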
References
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44653
- https://www.exploit-db.com/exploits/50561
- https://www.nu11secur1ty.com/2021/12/cve-2021-44653.html