Multiple Time-Based SQL Injection Vulnerabilities in Online Shopping Portal by Online Shopping Portal
CVE-2021-46110

9.8CRITICAL

Key Information:

Vendor: PHPgurukul
Status: Online Shopping Portal
Vendor: CVE Published:; 18 February 2022

Summary

The Online Shopping Portal v3.1 has been identified to have multiple vulnerabilities that allow for time-based SQL injection through the email and contactno parameters. This flaw could enable attackers to execute unauthorized SQL commands, potentially leading to data leakage or manipulation. It is crucial for users of this software to apply the necessary updates and patches to mitigate the risks associated with these vulnerabilities.

References

https://giant-falcon-36d.notion.site/Online-Shopping-Port...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2022
Vulnerability Reserved
Jan 3, 2022