CVE-2021-44655

CRITICAL

Online Pre-owned/used Car Showroom Management System - SQL Injection

Title source: rule

Description

Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.

Exploits (1)

exploitdb WORKING POC

by Mohamed habib Smidi · textwebappsphp

https://www.exploit-db.com/exploits/50560

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50560

[Exploit, Third Party Advisory] https://www.nu11secur1ty.com/2021/12/cve-2021-44655.html

[Exploit, Third Party Advisory] https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44655

Scores

CVSS v3 9.8

EPSS 0.0027

EPSS Percentile 50.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

online_pre-owned\/used_car_showroom_management_system_project/online_pre-owned\/used_car_showroom_management_system 1.0

Published Dec 15, 2021

Tracked Since Feb 18, 2026