PT-2021-23648 · Unknown · Sourcecodester Online Event Booking/Reservation System

Nu11Secur1Ty

Published

2021-11-05

Updated

2021-11-28

CVE-2021-42667

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sourcecodester Online Event Booking and Reservation System in PHP (affected versions not specified)

Description A SQL Injection issue exists in the event-management/views component, allowing an attacker to manipulate SQL queries. This can lead to the extraction of sensitive data from the web server and potentially enable remote code execution on the remote web server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-42667

Affected Products

Sourcecodester Online Event Booking/Reservation System

PT-2021-23648 · Unknown · Sourcecodester Online Event Booking/Reservation System

CVE-2021-42667

Weakness Enumeration

Related Identifiers

Affected Products

References · 6