SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.
References
Link | Resource |
---|---|
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37808 | Exploit Third Party Advisory |
https://packetstormsecurity.com/files/163575/News-Portal-Project-3.1-SQL-Injection.html | Third Party Advisory VDB Entry |
https://www.nu11secur1ty.com/2021/12/cve-2021-37808.html | Exploit Third Party Advisory |
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37808 | Exploit Third Party Advisory |
https://packetstormsecurity.com/files/163575/News-Portal-Project-3.1-SQL-Injection.html | Third Party Advisory VDB Entry |
https://www.nu11secur1ty.com/2021/12/cve-2021-37808.html | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37808 - Exploit, Third Party Advisory | |
References | () https://packetstormsecurity.com/files/163575/News-Portal-Project-3.1-SQL-Injection.html - Third Party Advisory, VDB Entry | |
References | () https://www.nu11secur1ty.com/2021/12/cve-2021-37808.html - Exploit, Third Party Advisory |
14 Nov 2023, 18:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:phpgurukul:news_portal:3.1:*:*:*:*:*:*:* | |
First Time |
Phpgurukul news Portal
Phpgurukul |
Information
Published : 2021-10-27 17:15
Updated : 2024-11-21 06:15
NVD link : CVE-2021-37808
Mitre link : CVE-2021-37808
CVE.ORG link : CVE-2021-37808
JSON object : View
Products Affected
phpgurukul
- news_portal
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')