CVE-2021-41433

{"id": "CVE-2021-41433", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-09-27T23:15:12.457", "references": [{"url": "https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-41433.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/martinkubecka/CVE-References/blob/main/Untitled-SQLi.md", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de inyecci\u00f3n SQL en versi\u00f3n 1.0 de Resumes Management and Job Application Website application login form por EGavilan Media que permite omitir la autenticaci\u00f3n mediante el archivo login.php"}], "lastModified": "2022-09-28T21:39:21.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:resumes_management_and_job_application_website_application_project:resumes_management_and_job_application_website_application:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FAB8479-106F-4757-9510-8D65F80DD74A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}