Remote Code Execution via SQL Injection and File Upload Vulnerability in South Gate Inn Online Reservation System v1.0

CVE-2021-41662 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.