CVE-2021-40578
HIGHOnline Enrollment Management System <1.0 - SQL Injection
Title source: llmDescription
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://medium.com/%40J03KR/cve-2021-40578-127ceaf3f1bb
Exploit, Third Party Advisory x_refsource_misc
https://www.nu11secur1ty.com/2021/12/online-enrollment-management-system-sql.html
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/Online-Enrollment-Management-System
Scores
CVSS v3
7.2
EPSS
0.0148
EPSS Percentile
70.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
online_enrollment_management_system_project/online_enrollment_management_system
1.0
Published
Dec 07, 2021
Tracked Since
Feb 18, 2026