Unauthenticated Blind SQL Injection Vulnerability in Kaushik Jadhav Online Food Ordering Web App 1.0

Unauthenticated Blind SQL Injection Vulnerability in Kaushik Jadhav Online Food Ordering Web App 1.0

CVE-2021-41647 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.