SQL Injection Vulnerability in News Portal Project by PHP Gurukul
CVE-2021-37808

5.9MEDIUM

Key Information:

Vendor
PHPgurukul
Status
News Portal
Vendor
CVE Published:
27 October 2021

Summary

The News Portal Project 3.1 by PHP Gurukul is susceptible to SQL Injection vulnerabilities through specific parameters including category, subcategory, sucatdescription, and username. Attackers can exploit these vulnerabilities, particularly leveraging MySQL Blind SQL injection techniques that induce time delays in server responses. This allows potential intruders to manipulate database queries and extract sensitive information using tools such as sqlmap.

References

https://packetstormsecurity.com/files/163575/News-Portal-...
x_refsource_MISC
https://www.nu11secur1ty.com/2021/12/cve-2021-37808.html
x_refsource_MISC
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2...
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.