CVE-2021-37808

SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:news_portal:3.1:*:*:*:*:*:*:*

History

21 Nov 2024, 06:15

Type Values Removed Values Added
References () https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37808 - Exploit, Third Party Advisory () https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37808 - Exploit, Third Party Advisory
References () https://packetstormsecurity.com/files/163575/News-Portal-Project-3.1-SQL-Injection.html - Third Party Advisory, VDB Entry () https://packetstormsecurity.com/files/163575/News-Portal-Project-3.1-SQL-Injection.html - Third Party Advisory, VDB Entry
References () https://www.nu11secur1ty.com/2021/12/cve-2021-37808.html - Exploit, Third Party Advisory () https://www.nu11secur1ty.com/2021/12/cve-2021-37808.html - Exploit, Third Party Advisory

14 Nov 2023, 18:20

Type Values Removed Values Added
CPE cpe:2.3:a:news_portal_project:news_portal:3.1:*:*:*:*:*:*:* cpe:2.3:a:phpgurukul:news_portal:3.1:*:*:*:*:*:*:*
First Time Phpgurukul news Portal
Phpgurukul

Information

Published : 2021-10-27 17:15

Updated : 2024-11-21 06:15


NVD link : CVE-2021-37808

Mitre link : CVE-2021-37808

CVE.ORG link : CVE-2021-37808


JSON object : View

Products Affected

phpgurukul

  • news_portal
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')