CVE-2021-41647

critical

Description

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.

References

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647

https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App

https://github.com/MobiusBinary/CVE-2021-41647

http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html

Details

Source: Mitre, NVD

Published: 2021-10-01

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.01157