CVE-2021-44653

CRITICAL

Online Magazine Management System 1.0 - SQL Injection Authentication Bypass via Login Form

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-44653. PoCs published by Mohamed habib Smidi.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in the Online Magazine Management System 1.0 login form, allowing authentication bypass via a crafted POST request with a malicious username parameter.

Description

Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.

Exploits (1)

exploitdb WORKING POC
by Mohamed habib Smidi · textwebappsphp
https://www.exploit-db.com/exploits/50561

This exploit demonstrates an SQL injection vulnerability in the Online Magazine Management System 1.0 login form, allowing authentication bypass via a crafted POST request with a malicious username parameter.

Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Online Magazine Management System 1.0
No auth needed
Prerequisites: Access to the login page of the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50561
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44653
Exploit, Third Party Advisory x_refsource_misc
https://www.nu11secur1ty.com/2021/12/cve-2021-44653.html

Scores

CVSS v3 9.8
EPSS 0.0597
EPSS Percentile 92.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
oretnom23/online_magazine_management_system 1.0
Published Dec 15, 2021
Tracked Since Feb 18, 2026