nvd-json-data-feeds/CVE-2021/CVE-2021-414xx/CVE-2021-41492.json

{
  "id": "CVE-2021-41492",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-11-03T20:15:09.003",
  "lastModified": "2021-12-15T18:49:44.187",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php."
    },
    {
      "lang": "es",
      "value": "Se presentan m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Sourcecodester Simple Cashiering System (POS) versi\u00f3n 1.0 por medio de (1) par\u00e1metro Product Code en la p\u00e1gina pos en cashiering. (2) par\u00e1metro id en manage_products y el (3) par\u00e1metro t en el archivo actions.php"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:simple_cashiering_system_project:simple_cashiering_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3737220C-D457-4B51-A2DD-FD54C99DFD0D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://3xpl017.blogspot.com/2021/09/multiple-sql-injections-in.html",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41492",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-41492.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}