CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-41492

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0310%
EPSS Percentile44.25th
Published2021年11月3日
Last Modified2024年11月21日

Vulnerability Description

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php.

Affected Platforms (CPE)

📦
Simple Cashiering System Project

Simple Cashiering System

= 1.0

References & Advisories

🔗 https://3xpl017.blogspot.com/2021/09/multiple-sql-injections-in.html
🔗 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41492
🔗 https://www.nu11secur1ty.com/2021/12/cve-2021-41492.html
🔗 https://3xpl017.blogspot.com/2021/09/multiple-sql-injections-in.html
🔗 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41492
🔗 https://www.nu11secur1ty.com/2021/12/cve-2021-41492.html

関連する脆弱性情報

CVE-2021-138810.0

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could a...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-2132110.0

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-r...