SQL Injection Vulnerability in viaviwebtech Android EBook App
CVE-2021-32428

9.8CRITICAL

Key Information:

Vendor

Viaviweb

Status
Ebook
Vendor
CVE Published:
1 July 2022

What is CVE-2021-32428?

An SQL Injection vulnerability has been identified in the viaviwebtech Android EBook App, specifically through the author_id parameter in the api.php endpoint. This flaw could allow an attacker to manipulate SQL queries, potentially exposing sensitive data or causing unauthorized access. Proper validation and sanitation of user inputs are essential to mitigate these risks, ensuring the integrity and confidentiality of application data.

References

https://owasp.org/www-community/attacks/Blind_SQL_Injection
x_refsource_MISC
https://codecanyon.net/user/viaviwebtech
x_refsource_MISC
https://codecanyon.net/item/android-ebook-app-with-materi...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.