Lucene search

[email protected]CVE-2021-33925

HistoryFeb 15, 2023 - 10:15 p.m.

CVE-2021-33925

2023-02-1522:15:11

CWE-89

[email protected]

web.nvd.nist.gov

cve-2021-33925

sql injection

nitinparashar30 cms-corephp

vulnerability

unauthenticated attackers

escalated privileges

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

JSON

SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login.

Affected configurations

NVD

Node

cms-corephp_projectcms-corephpRange≤2021-05-19

CPENameOperatorVersion
cms-corephp_project:cms-corephpcms-corephp project cms-corephple2021-05-19

CPE	Name	Operator	Version
cms-corephp_project:cms-corephp	cms-corephp project cms-corephp	le	2021-05-19

References

github.com/nitinp1232/cms-corephp/issues/1

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

JSON

Related for CVE-2021-33925

cvelist1 nvd1 prion1