PT-2021-16964 · Unknown · Casap Automated Enrollment System

Published

2021-02-15

Updated

2021-02-22

CVE-2021-26201

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CASAP Automated Enrollment System version 1.0

Description The issue concerns the Login Panel of the system, which is susceptible to SQL injection. This allows an attacker to bypass authentication and gain access to the admin panel by injecting a SQL query into the username field of the login page.

Recommendations For CASAP Automated Enrollment System version 1.0, consider restricting access to the login page until a fix is available, and avoid using the username field for any other purpose than its intended use. As a temporary workaround, consider implementing input validation and sanitization for the username field to minimize the risk of SQL injection attacks.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-26201

Affected Products

Casap Automated Enrollment System

PT-2021-16964 · Unknown · Casap Automated Enrollment System

CVE-2021-26201

Weakness Enumeration

Related Identifiers

Affected Products

References · 3