CVE-2021-40908

CRITICAL

Sourcecodester Purchase Order Management System v1 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0253
EPSS Percentile 83.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
purchase_order_management_system_project/purchase_order_management_system 1.0
Published Jan 24, 2022
Tracked Since Feb 18, 2026