CVE-2021-44599

HIGH

Online Enrollment Management System 1.0 - SQL Injection via ID Parameter

Title source: llm
STIX 2.1

Description

The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0121
EPSS Percentile 65.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
online_enrollment_management_system_project/online_enrollment_management_system 1.0
Published Dec 23, 2021
Tracked Since Feb 18, 2026