CVE-2021-47846

HIGH

Digital Crime Report Management System 1.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47846. PoCs published by GaluhID.

AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in the authentication mechanisms of Digital Crime Report Management System 1.0, allowing authentication bypass via crafted input in the email and password fields.

Description

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters across police, incharge, user, and HQ login endpoints.

Exploits (1)

exploitdb WORKING POC
by GaluhID · textwebappsphp
https://www.exploit-db.com/exploits/49761

This exploit demonstrates SQL injection vulnerabilities in the authentication mechanisms of Digital Crime Report Management System 1.0, allowing authentication bypass via crafted input in the email and password fields.

Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Digital Crime Report Management System 1.0
No auth needed
Prerequisites: Access to the login pages of the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.2
EPSS 0.0039
EPSS Percentile 30.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
I Want Source Codes/Digital Crime Report Management System 1.0
Published Jan 21, 2026
Tracked Since Feb 18, 2026