CVE-2021-44655

CRITICAL

Online Pre-owned/Used Car Showroom Management System 1.0 - SQL Injection Authentication Bypass via Login Form

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-44655. PoCs published by Mohamed habib Smidi.

AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in the login form of the Online Pre-owned/Used Car Showroom Management System 1.0, allowing authentication bypass via a crafted username parameter.

Description

Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form, allowing an attacker to gain admin access to the application.

Exploits (1)

exploitdb · WORKING POC
by Mohamed habib Smidi · text · webapps · php
https://www.exploit-db.com/exploits/50560

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Online Pre-owned/Used Car Showroom Management System 1.0
No auth needed
Prerequisites: Access to the login page of the target application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50560
Exploit, Third Party Advisory x_refsource_misc
https://www.nu11secur1ty.com/2021/12/cve-2021-44655.html
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44655

Scores

CVSS v3 9.8
EPSS 0.0597
EPSS Percentile 92.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): online_pre-owned\/used_car_showroom_management_system_project/online_pre-owned\/used_car_showroom_management_system 1.0
Published: Dec 15, 2021
Tracked Since: Feb 18, 2026