Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2021-47956 (GCVE-0-2021-47956)

Vulnerability from nvd – Published: 2026-05-16 15:26 – Updated: 2026-05-18 12:40

Title

EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname

Summary

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive database information.

Severity

8.8 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

VulnCheck

References

4 references

URL	Tags
https://www.exploit-db.com/exploits/49878	exploit
https://egavilanmedia.com	product
https://egavilanmedia.com/crud-operation-with-php…	product
https://www.vulncheck.com/advisories/egavilanmedi…	third-party-advisory

Impacted products

1 product

Vendor	Product	Version
Egavilanmedia	EgavilanMedia PHPCRUD	Affected: 1.0

Date Public

2021-05-17 00:00

Credits

Dimitrios Mitakos

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47956",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-18T12:40:14.018497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-18T12:40:23.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EgavilanMedia PHPCRUD",
          "vendor": "Egavilanmedia",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dimitrios Mitakos"
        }
      ],
      "datePublic": "2021-05-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive database information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-16T15:26:08.661Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-49878",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/49878"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://egavilanmedia.com"
        },
        {
          "name": "Product Reference",
          "tags": [
            "product"
          ],
          "url": "https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/"
        },
        {
          "name": "VulnCheck Advisory: EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/egavilanmedia-phpcrud-sql-injection-via-firstname"
        }
      ],
      "title": "EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2021-47956",
    "datePublished": "2026-05-16T15:26:08.661Z",
    "dateReserved": "2026-02-01T11:24:18.720Z",
    "dateUpdated": "2026-05-18T12:40:23.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47956 (GCVE-0-2021-47956)

Vulnerability from cvelistv5 – Published: 2026-05-16 15:26 – Updated: 2026-05-18 12:40

Title

EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname

Summary

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive database information.

Severity

8.8 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

VulnCheck

References

4 references

URL	Tags
https://www.exploit-db.com/exploits/49878	exploit
https://egavilanmedia.com	product
https://egavilanmedia.com/crud-operation-with-php…	product
https://www.vulncheck.com/advisories/egavilanmedi…	third-party-advisory

Impacted products

1 product

Vendor	Product	Version
Egavilanmedia	EgavilanMedia PHPCRUD	Affected: 1.0

Date Public

2021-05-17 00:00

Credits

Dimitrios Mitakos

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47956",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-18T12:40:14.018497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-18T12:40:23.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EgavilanMedia PHPCRUD",
          "vendor": "Egavilanmedia",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dimitrios Mitakos"
        }
      ],
      "datePublic": "2021-05-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive database information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-16T15:26:08.661Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-49878",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/49878"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://egavilanmedia.com"
        },
        {
          "name": "Product Reference",
          "tags": [
            "product"
          ],
          "url": "https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/"
        },
        {
          "name": "VulnCheck Advisory: EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/egavilanmedia-phpcrud-sql-injection-via-firstname"
        }
      ],
      "title": "EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2021-47956",
    "datePublished": "2026-05-16T15:26:08.661Z",
    "dateReserved": "2026-02-01T11:24:18.720Z",
    "dateUpdated": "2026-05-18T12:40:23.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Search criteria

2 vulnerabilities found for EgavilanMedia PHPCRUD by Egavilanmedia

CVE-2021-47956 (GCVE-0-2021-47956)

CVE-2021-47956 (GCVE-0-2021-47956)