PT-2026-3801 · Satndy · Aplikasi-Biro-Travel

Sigeri94 · Published 2026-01-21 · Updated 2026-01-21 · CVE-2021-47848

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Blitar Tourism version 1.0

Description: An authentication bypass allows attackers to gain unauthorized administrative access by injecting SQL code through the username parameter during the login request.

Recommendations: Update Blitar Tourism version 1.0 to a version that addresses this issue. As a temporary workaround, restrict access to the login functionality or implement input validation for the username parameter.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2021-47848

Affected Products: Aplikasi-Biro-Travel