CVE-2021-45334

CRITICAL

Sourcecodester Online Thesis Archiving System 1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-45334. PoCs published by Yehia Elghaly.

AI-analyzed exploit summary: This exploit demonstrates an SQL injection authentication bypass and a stored XSS vulnerability in Online Thesis Archiving System 1.0. The SQLi allows admin account takeover via crafted payloads, while the XSS can be triggered by inserting malicious scripts in department or curriculum fields.

Description

Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL injection. An attacker can bypass admin authentication and gain access to the admin panel using SQL injection.

Exploits (1)

exploitdb WORKING POC
by Yehia Elghaly · text · webapps · php
https://www.exploit-db.com/exploits/50597

Classification: Working PoC 90%
Attack Type: SQLi | XSS | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Online Thesis Archiving System 1.0
No auth needed
Prerequisites: Access to the login page · Ability to send HTTP POST requests
devstral-2 · analyzed Feb 16, 2026

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50597
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-45334
Exploit, Third Party Advisory x_refsource_misc
https://www.nu11secur1ty.com/2022/01/cve-2021-45334.html

Scores

CVSS v3 9.8
EPSS 0.0276
EPSS Percentile 84.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
online_thesis_archiving_system_project/online_thesis_archiving_system 1.0
Published Jan 10, 2022
Tracked Since Feb 18, 2026