Egavilanmedia · Phpcrud · CVE-2021-47956
**Name of the Vulnerable Software and Affected Versions**
EgavilanMedia PHPCRUD version 1.0
**Description**
An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending POST requests to the 'insert.php' endpoint using the `firstname` parameter to extract sensitive database information.
**Recommendations**
As a temporary workaround, avoid using the `firstname` parameter in the 'insert.php' endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.