CVE-2021-37808
Summary
| CVE | CVE-2021-37808 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-10-27 17:15:00 UTC |
| Updated | 2023-11-14 18:20:00 UTC |
| Description | SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters. The server response shows a delay of about (N) seconds respectively, which means it is vulnerable to MySQL Blind (Time Based) SQL injection. An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | News Portal Project | News Portal | 3.1 | All | All | All |
| Application | Phpgurukul | News Portal | 3.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| News Portal Project 3.1 SQL Injection ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE-mitre/CVE-2021-37808 at main · nu11secur1ty/CVE-mitre · GitHub | MISC | github.com | |
| CVE-2021-37808 | MISC | www.nu11secur1ty.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.