CVE-2021-41492

CRITICAL

Simple Cashiering System 1.0 - SQL Injection via Product Code, id Parameter, or t Parameter

Title source: llm
STIX 2.1

Description

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php.

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.nu11secur1ty.com/2021/12/cve-2021-41492.html
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41492

Scores

CVSS v3 9.8
EPSS 0.0164
EPSS Percentile 73.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
simple_cashiering_system_project/simple_cashiering_system 1.0
Published Nov 03, 2021
Tracked Since Feb 18, 2026