Lucene search

VulDBCVELIST:CVE-2021-4290

HistoryDec 27, 2022 - 10:37 p.m.

CVE-2021-4290 DHBW Fallstudie Login passport.js sql injection

2022-12-2722:37:48

CWE-89

VulDB

www.cve.org

dhbw fallstudie

sql injection

passport.js

CVSS3

5.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

0.002

Percentile

54.8%

JSON

A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is 5c13c6a972ef4c07c5f35b417916e0598af9e123. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216907.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "DHBW Fallstudie",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ],
    "modules": [
      "Login"
    ]
  }
]

References

github.com/maboehm/fallstudie/commit/5c13c6a972ef4c07c5f35b417916e0598af9e123

vuldb.com/?ctiid.216907

vuldb.com/?id.216907