CVE-2021-47846

HIGH

Digital Crime Report Management System 1.0 - SQL Injection

Title source: llm

Description

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters across police, incharge, user, and HQ login endpoints.

Exploits (1)

exploitdb WORKING POC

by GaluhID · textwebappsphp

https://www.exploit-db.com/exploits/49761

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49761

[Various Sources] https://iwantsourcecodes.com/digital-crime-report-management-system-in-php-with-source-code/

[Various Sources] https://iwantfilemanager.com/?dl=b48d951cbdd50568b031aab3b619fed2

[Third Party Advisory] https://www.vulncheck.com/advisories/digital-crime-report-management-system-sql-injection

Scores

CVSS v3 8.2

EPSS 0.0012

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

I Want Source Codes/Digital Crime Report Management System 1.0

Published Jan 21, 2026

Tracked Since Feb 18, 2026