CVE-2021-40578

HIGH

Online Enrollment Management System <1.0 - SQL Injection

Title source: llm
STIX 2.1

Description

Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.

References (3)

Core 3

Scores

CVSS v3 7.2
EPSS 0.0148
EPSS Percentile 70.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
online_enrollment_management_system_project/online_enrollment_management_system 1.0
Published Dec 07, 2021
Tracked Since Feb 18, 2026