CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-25213

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0160%
EPSS Percentile11.40th
Published2021年7月22日
Last Modified2024年11月21日

Vulnerability Description

SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php.

Affected Platforms (CPE)

📦
Travel Management System Project

Travel Management System

= 1.0

References & Advisories

🔗 https://github.com/BigTiger2020/Travel-Management-System/blob/main/Travel%20Management%20System-sql.md
🔗 https://github.com/BigTiger2020/Travel-Management-System/blob/main/Travel%20Management%20System-sql.md

相关漏洞威胁

CVE-2020-242039.8

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel M...

CVE-2021-252089.8

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code vi...

CVE-2021-4766710.0

An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remo...

CVE-2021-3540210.0

PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters ...