CVE-2021-42667

CRITICAL NUCLEI

Sourcecodester Online Event Booking and Reservation System - SQL Injection in Event Management Views

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-42667. PoCs published by 0xDeku. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository provides a technical description and proof-of-concept for CVE-2021-42667, an SQL Injection vulnerability in the Online Event Booking and Reservation System version 2.3.0. The vulnerability allows attackers to extract sensitive data via the 'id' parameter in the 'USER' page.

Description

A SQL injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability to manipulate the SQL query performed. As a result, the attacker can extract sensitive data from the web server and, in some cases, use the vulnerability to achieve remote code execution on the remote web server.

Exploits (2)

nomisec WRITEUP 2 stars
by 0xDeku · poc
https://github.com/0xDeku/CVE-2021-42667

This repository provides a technical description and proof-of-concept for CVE-2021-42667, an SQL Injection vulnerability in the Online Event Booking and Reservation System version 2.3.0. The vulnerability allows attackers to extract sensitive data via the 'id' parameter in the 'USER' page.

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: Online Event Booking and Reservation System 2.3.0
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

inthewild WRITEUP
poc
https://github.com/thehackingrabbi/cve-2021-42667

This repository provides a technical description and proof-of-concept for an SQL Injection vulnerability in the Online event booking and reservation system version 2.3.0. The vulnerability is in the 'id' parameter of the 'USER' page, allowing attackers to extract sensitive data from the MySQL server.

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: Online event booking and reservation system version 2.3.0
No auth needed
Prerequisites: Access to the vulnerable web page
devstral-2 · analyzed Feb 23, 2026

Nuclei Templates (1)

Online Event Booking and Reservation System 2.3.0 - SQL Injection
CRITICAL · VERIFIED · by fxploit

References (3)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/TheHackingRabbi/CVE-2021-42667
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42667

Scores

CVSS v3 9.8
EPSS 0.7227
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status published
Products (1)
online_event_booking_and_reservation_system_project/online_event_booking_and_reservation_system 2.3.0
Published Nov 05, 2021
Tracked Since Feb 18, 2026