Lucene search

[email protected]CVE-2021-27316

HistoryMar 24, 2021 - 2:15 p.m.

CVE-2021-27316

2021-03-2414:15:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2021-27316

blind sql injection

contactus.php

doctor appointment system

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

9.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.078 Low

EPSS

Percentile

94.2%

JSON

Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.

CPENameOperatorVersion
doctor_appointment_system_project:doctor_appointment_systemdoctor appointment system project doctor appointment systemeq1.0

CPE	Name	Operator	Version
doctor_appointment_system_project:doctor_appointment_system	doctor appointment system project doctor appointment system	eq	1.0

References

packetstormsecurity.com/files/161641/Doctor-Appointment-System-1.0-SQL-Injection.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

9.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.078 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2021-27316

nuclei1 prion1 cvelist1 checkpoint_advisories1 packetstorm1 zdt1