An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.
References
Link | Resource |
---|---|
https://awesomeopensource.com/project/PuneethReddyHC/online-shopping-system | Product |
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41649 | Exploit Third Party Advisory |
https://streamable.com/aii806 | Exploit Third Party Advisory |
https://streamable.com/mnn7dn | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-10-01 07:15
Updated : 2021-11-05 14:15
NVD link : CVE-2021-41649
Mitre link : CVE-2021-41649
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
online-shopping-system-advanced_project
- online-shopping-system-advanced