CVE-2021-44599
HIGHOnline Enrollment Management System 1.0 - SQL Injection via ID Parameter
Title source: llmDescription
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/Online-Enrollment-Management-System
Scores
CVSS v3
7.5
EPSS
0.0121
EPSS Percentile
65.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (1)
online_enrollment_management_system_project/online_enrollment_management_system
1.0
Published
Dec 23, 2021
Tracked Since
Feb 18, 2026