Lucene search

CVE-2021-3278

🗓️ 26 Jan 2021 18:29:16Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 58 Views🌐 WEB

Local Service Search Engine Management System 1.0 has SQL injection authentication bypass vulnerability

Reporter	Title	Published	Views	Family All 6
Exploit DB	Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass	2 Dec 202000:00	–	exploitdb
CNVD	Local Service Search Engine Management System SQL Injection Vulnerability	18 Feb 202200:00	–	cnvd
NVD	CVE-2021-3278	26 Jan 202118:16	–	nvd
Packet Storm	Local Service Search Engine Management System 1.0 SQL Injection	2 Jun 202100:00	–	packetstorm
Prion	Sql injection	26 Jan 202118:16	–	prion
Cvelist	CVE-2021-3278	25 Jan 202115:09	–	cvelist

Nvd

Node

local_services_search_engine_management_system_project local_services_search_engine_management_systemMatch1.0

Source	Link
sourcecodester	www.sourcecodester.com/php/14607/local-service-search-engine-management-system-using-phpmysqli-source-code.html
packetstormsecurity	www.packetstormsecurity.com/files/162919/Local-Service-Search-Engine-Management-System-1.0-SQL-Injection.html
exploit-db	www.exploit-db.com/exploits/49163

Parameter	Position	Path	Description	CWE
username	request body	/lssems/admin/login.php	SQL injection vulnerability allows attackers to bypass authentication on the login page.	CWE-89
password	request body	/lssems/admin/login.php	SQL injection vulnerability allows attackers to bypass authentication on the login page.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Jan 2021 18:16Current

10High risk

Vulners AI Score10

CVSS27.5

CVSS39.8

EPSS0.00821

CWE-89