Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-28142. PoCs published by skysbsb.
AI-analyzed exploit summary: This is a writeup describing a time-based blind SQL injection vulnerability in CITSmart ITSM versions prior to 9.1.2.28. It provides details on the vulnerable parameter and a sqlmap command for exploitation, but does not include functional exploit code.
Description
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."
Exploits (1)
exploitdb
WRITEUP
by skysbsb · text · webapps · java
https://www.exploit-db.com/exploits/49763
Classification
Writeup 90%
Attack Type
SQLi
Complexity
Moderate
Reliability
Reliable
Target:
CITSmart ITSM < 9.1.2.28
Auth required
Prerequisites:
Authenticated access to the CITSmart ITSM application · Valid JSESSIONID cookie
devstral-2 · analyzed Feb 16, 2026
References (2)
Core References
Vendor Advisory x_refsource_misc
https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html
Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/162182/CITSmart-ITSM-9.1.2.27-SQL-Injection.html
Scores
CVSS v3
8.8
EPSS
0.0577
EPSS Percentile
92.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
citsmart/citsmart
< 9.1.2.28
Published
Apr 06, 2021
Tracked Since
Feb 18, 2026