PT-2021-21878 · Unknown · News Portal Project

Published: 2021-10-27 · Updated: 2023-11-14 · CVE-2021-37808

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: News Portal Project version 3.1
Description: SQL injection vulnerabilities exist in the News Portal Project via the category, subcategory, sucatdescription, and username parameters. When these parameters are manipulated, the server response is delayed by about (N) seconds, which indicates a time-based blind SQL injection against the MySQL backend. An attacker can exploit this issue to extract sensitive information from the database.
Recommendations: For version 3.1, consider restricting access to the vulnerable parameters category, subcategory, sucatdescription, and username to minimize the risk of exploitation. As a temporary workaround, avoid using these parameters in API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
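Added illustration, not code from the News Portal Project (whose source is not on this page): the string-splicing pattern the advisory describes beside its parameterized replacement, over a constructed SQLite table whose columns are the four named parameters. A legitimate value containing an apostrophe is enough to show that the vulnerable form parses request data as SQL, while the bound-parameter form treats it as data.

```python
import sqlite3

# Constructed demo schema standing in for the News Portal tables; the real
# project's schema, queries and language are not on the advisory page (assumption).
SEED_ROWS = [
    ("tech", "ai", "Machine learning news", "alice"),
    ("tech", "web", "Web development news", "bob"),
    ("sport", "football", "Football news", "carol"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE subcategory ("
        "category TEXT, subcategory TEXT, sucatdescription TEXT, username TEXT)"
    )
    conn.executemany("INSERT INTO subcategory VALUES (?, ?, ?, ?)", SEED_ROWS)
    return conn


def lookup_vulnerable(conn, category):
    # The pattern behind the advisory: the request parameter is spliced into the
    # SQL text, so every quote or operator it contains is parsed as SQL, not data.
    sql = "SELECT subcategory FROM subcategory WHERE category='" + category + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, category):
    # Hardened form: a bound parameter is always data, whatever characters it holds,
    # so the query structure cannot be altered by the caller.
    sql = "SELECT subcategory FROM subcategory WHERE category=?"
    return [row[0] for row in conn.execute(sql, (category,))]


def probe(lookup, category):
    """Run one lookup on a fresh database; report ('ok', rows) or ('sql_error', msg)."""
    conn = make_db()
    try:
        return ("ok", lookup(conn, category))
    except sqlite3.OperationalError as exc:
        # The vulnerable form reaches this branch on an apostrophe: the database
        # tried to parse user input as part of the statement.
        return ("sql_error", str(exc))
    finally:
        conn.close()
```

With a plain value both lookups return the same rows; with `children's` the vulnerable lookup raises a SQL syntax error while the safe one simply finds no match.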

Exploit: SQL injection
Weakness Enumeration
Related Identifiers: CVE-2021-37808
Affected Products: News Portal Project