PT-2026-41453 · Egavilanmedia · Phpcrud
Dimitrios Mitakos
·
Published
2026-05-16
·
Updated
2026-05-17
·
CVE-2021-47956
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
EgavilanMedia PHPCRUD version 1.0
Description
An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending POST requests to the 'insert.php' endpoint using the
firstname parameter to extract sensitive database information.Recommendations
As a temporary workaround, avoid using the
firstname parameter in the 'insert.php' endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpcrud