CVE-2021-27828

CRITICAL

In4Suite ERP <3.2.74.1370 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-27828. PoCs published by Gulab Mondal.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in In4Suite ERP 3.2.74.1370 via the 'txtLoginId' parameter in the login form. It includes both error condition and exploitation examples, showing how an attacker can bypass authentication using a simple SQLi payload.

Description

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.

Exploits (1)

exploitdb WORKING POC

by Gulab Mondal · textwebappsmultiple

https://www.exploit-db.com/exploits/49884

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in In4Suite ERP 3.2.74.1370 via the 'txtLoginId' parameter in the login form. It includes both error condition and exploitation examples, showing how an attacker can bypass authentication using a simple SQLi payload.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: In4Suite ERP 3.2.74.1370

No auth needed

Prerequisites: Network access to the target application · Login page accessible at /CheckLogin.asp

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Product, Vendor Advisory x_refsource_misc

https://www.in4velocity.com/in4suite-erp.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/49884

Scores

CVSS v3 9.1

EPSS 0.2028

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

in4velocity/in4suite_erp 3.2.74.1370

Published Jun 01, 2021

Tracked Since Feb 18, 2026