PT-2022-11459 · Unknown · The South Gate Inn Online Reservation System

Published: 2022-06-13 · Updated: 2022-06-27 · CVE-2021-41662

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: The South Gate Inn Online Reservation System version 1.0

Description: The issue is caused by improper file handling in the editImg function, leading to an SQL injection vulnerability that can be chained with a malicious PHP file upload. This results in remote code execution.

Recommendations: For The South Gate Inn Online Reservation System version 1.0, consider disabling the editImg function until a patch is available to prevent exploitation. Restrict access to file uploads to minimize the risk of malicious PHP file uploads.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-41662

Affected Products

The South Gate Inn Online Reservation System