CVE-2021-45802

{"id": "CVE-2021-45802", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-01-25T13:15:07.913", "references": [{"url": "https://blog.pocas.kr/posts/sqli-iResturant/", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#file-cve-2021-45802-md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.pocas.kr/posts/sqli-iResturant/", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#file-cve-2021-45802-md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration."}, {"lang": "es", "value": "MartDevelopers iResturant versi\u00f3n 1.0, es vulnerable a una inyecci\u00f3n SQL. La inyecci\u00f3n SQL es producida porque los valores de los par\u00e1metros email y phone son a\u00f1adidos a la consulta SQL sin ninguna verificaci\u00f3n en el momento del registro de socios"}], "lastModified": "2024-11-21T06:33:04.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iresturant_project:iresturant:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "991B601B-9EB9-4EC2-98B1-AAC81DD96D61"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}