CVE-2021-37589

HIGH NUCLEI

Virtua Cobranca < 12r - SQL Injection via Login Page

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-37589. PoCs published by Luca Regne. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in Virtua Software Cobranca 12S's login page. The PoC includes HTTP requests that trigger SQLi via the 'idusuario' parameter, with instructions for using sqlmap to automate exploitation.

Description

Virtua Cobranca before 12R allows SQL Injection on the login page.

Exploits (1)

exploitdb WORKING POC
by Luca Regne · textremotewindows
https://www.exploit-db.com/exploits/50958

This exploit demonstrates a blind SQL injection vulnerability in Virtua Software Cobranca 12S's login page. The PoC includes HTTP requests that trigger SQLi via the 'idusuario' parameter, with instructions for using sqlmap to automate exploitation.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Virtua Software Cobranca 12S
No auth needed
Prerequisites: Network access to the target application · SQLmap or similar tool for automation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Virtua Software Cobranca <12R - Blind SQL Injection
HIGHVERIFIEDby princechaddha
Shodan: http.favicon.hash:876876147
FOFA: icon_hash=876876147

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/luca-regne/my-cves/tree/main/CVE-2021-37589

Scores

CVSS v3 7.5
EPSS 0.2967
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
virtuasoftware/cobranca < 12r
Published Jun 07, 2022
Tracked Since Feb 18, 2026