CVE-2021-41647

CRITICAL

Online Food Ordering Web App - SQL Injection

Description

An unauthenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php to retrieve sensitive database information and to add an administrative user.

Exploits (1)

nomisec WRITEUP
by MobiusBinary · poc
https://github.com/MobiusBinary/CVE-2021-41647

Scores

CVSS v3 9.1
EPSS 0.0105
EPSS Percentile 77.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-89
Status published
Products (1)
online_food_ordering_web_app_project/online_food_ordering_web_app 1.0
Published Oct 01, 2021
Tracked Since Feb 18, 2026