Description
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.
References (2)
Core 2
Core References
Broken Link x_refsource_misc
https://blog.pocas.kr/posts/sqli-iResturant/
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#file-cve-2021-45802-md
Scores
CVSS v3
9.8
EPSS
0.0131
EPSS Percentile
67.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
iresturant_project/iresturant
1.0
Published
Jan 25, 2022
Tracked Since
Feb 18, 2026