PT-2021-19925 · Unknown · Local Service Search Engine Management System

Aditya Wakhlu · Published 2021-01-25 · Updated 2022-04-26 · CVE-2021-3278

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Local Service Search Engine Management System version 1.0

Description

The issue allows authentication bypass through SQL injection, enabling an attacker to bypass the login page.

Recommendations

For Local Service Search Engine Management System version 1.0, consider temporarily restricting access to the login page until a patch is available. As a mitigation measure, review and fix the SQL injection flaw in the authentication process so that the login page cannot be bypassed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-3278

Affected Products

Local Service Search Engine Management System