CVE-2021-44653

CRITICAL

Oretnom23 Online Magazine Management System - SQL Injection

Title source: rule

Description

Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.

Exploits (1)

exploitdb WORKING POC

by Mohamed habib Smidi · textwebappsphp

https://www.exploit-db.com/exploits/50561

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50561

[Exploit, Third Party Advisory] https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44653

[Exploit, Third Party Advisory] https://www.nu11secur1ty.com/2021/12/cve-2021-44653.html

Scores

CVSS v3 9.8

EPSS 0.0027

EPSS Percentile 50.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

oretnom23/online_magazine_management_system 1.0

Published Dec 15, 2021

Tracked Since Feb 18, 2026