CVE-2021-36621

Name of the Vulnerable Software and Affected Versions Sourcecodester Online Covid Vaccination Scheduler System version 1.0

Description The issue allows for SQL Injection, specifically time-based SQL injection, through the username parameter. This can lead to an attacker dumping the admin password hash, potentially decrypting it to obtain the plain-text password, and subsequently authenticating as an Administrator.

Recommendations For Sourcecodester Online Covid Vaccination Scheduler System version 1.0, consider restricting access to the vulnerable username parameter until a patch is available. As a temporary workaround, avoid using the username parameter in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.