Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability by online_food_ordering_web_app_project

CVE-2021-41647 (GCVE-0-2021-41647)

Vulnerability from cvelistv5 – Published: 2021-10-01 14:32 – Updated: 2024-08-04 03:15

Summary

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/kaushikjadhav01/Online-Food-Or…	x_refsource_MISC
	https://github.com/MobiusBinary/CVE-2021-41647	x_refsource_MISC
	http://packetstormsecurity.com/files/164422/Onlin…	x_refsource_MISC
	https://github.com/nu11secur1ty/CVE-mitre/tree/ma…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:15:29.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/MobiusBinary/CVE-2021-41647"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable \"username\" parameter in login.php and retrieve sensitive database information, as well as add an administrative user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-07T13:18:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/MobiusBinary/CVE-2021-41647"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-41647",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable \"username\" parameter in login.php and retrieve sensitive database information, as well as add an administrative user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App",
              "refsource": "MISC",
              "url": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App"
            },
            {
              "name": "https://github.com/MobiusBinary/CVE-2021-41647",
              "refsource": "MISC",
              "url": "https://github.com/MobiusBinary/CVE-2021-41647"
            },
            {
              "name": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html"
            },
            {
              "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647",
              "refsource": "MISC",
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-41647",
    "datePublished": "2021-10-01T14:32:43.000Z",
    "dateReserved": "2021-09-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T03:15:29.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by online_food_ordering_web_app_project

CVE-2021-41647 (GCVE-0-2021-41647)

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.