Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

PHP CRUD (by: oretnom23 ) is vulnerable to XSS Stored Attack and remote SQL-Injection special characters no prepared statements

Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated
Validated
Validated
Validated
Validated
Validated

Description

The PHP CRUD (by: oretnom23 ) is vulnerable to XSS Stored Attack and remote SQL-Injection special characters. In the application: ajax_crud the parameters, first_name, last_name, and email are vulnerable to XSS Stored attack! When the user will sending a malicious javascript payload, he can store a special character – string, onto the MySQL server. The MySQL server can’t read it because there have no prepared statements or the appropriate replacement/formatting rules in order to prevent SQL injection and the system will be down. Status: CRITICAL

Add Assessment

1
Ratings
Technical Analysis

CVE-nu11-10-09102021

Vendor

Description:

The PHP CRUD (by: oretnom23 ) is vulnerable to XSS Stored Attack and remote SQL-Injection special characters.
In the application: ajax_crud the parameters, first_name, last_name, and email are vulnerable to XSS Stored attack!
When the user will sending a malicious javascript payload, he can store a special character – string, onto the MySQL server.
The MySQL server can’t read it because there have no prepared statements or the appropriate replacement/formatting rules
in order to prevent SQL injection and the system will be down.
Status: CRITICAL

Documentation, HOW TO CHARACTER SET Statement:

href

Proof:

href

General Information

Technical Analysis