Multiple Time-Based SQL Injection Vulnerabilities in Online Shopping Portal by Online Shopping Portal
CVE-2021-46110

9.8CRITICAL

Key Information:

Vendor: PHPgurukul
Status: Online Shopping Portal
Vendor: CVE Published:; 18 February 2022

What is CVE-2021-46110?

The Online Shopping Portal v3.1 has been identified to have multiple vulnerabilities that allow for time-based SQL injection through the email and contactno parameters. This flaw could enable attackers to execute unauthorized SQL commands, potentially leading to data leakage or manipulation. It is crucial for users of this software to apply the necessary updates and patches to mitigate the risks associated with these vulnerabilities.

References

https://giant-falcon-36d.notion.site/Online-Shopping-Port...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2022
Vulnerability Reserved
Jan 3, 2022

PHPgurukul

What is CVE-2021-46110?

References

CVSS V3.1

Timeline