CVE-2021-41647

CRITICAL

Online Food Ordering Web App 1.0 - Unauthenticated SQL Injection via Login Username Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-41647. PoCs published by MobiusBinary.

AI-analyzed exploit summary: This repository provides a writeup and proof-of-concept for CVE-2021-41647, an SQL injection vulnerability in the Online-Food-Ordering-Web-App. It includes payloads for login bypass and SQL injection attacks via the username parameter on the /login.php page.

Description

An unauthenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php to retrieve sensitive database information and to add an administrative user.

Exploits (1)

nomisec WRITEUP
by MobiusBinary · poc
https://github.com/MobiusBinary/CVE-2021-41647

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Online-Food-Ordering-Web-App
No auth needed
Prerequisites: Access to the login page of the vulnerable application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Product, Third Party Advisory x_refsource_misc
https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App
Exploit, Third Party Advisory x_refsource_misc
https://github.com/MobiusBinary/CVE-2021-41647
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647

Scores

CVSS v3 9.1
EPSS 0.0194
EPSS Percentile 77.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE: CWE-89
Status published
Products (1)
online_food_ordering_web_app_project/online_food_ordering_web_app 1.0
Published Oct 01, 2021
Tracked Since Feb 18, 2026