CVE-2021-47848

HIGH

Blitar Tourism 1.0 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47848. PoCs published by sigeri94.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass via SQL injection in Blitar Tourism 1.0. The payload manipulates the username parameter to bypass login by injecting a SQL comment, effectively neutralizing the password check.

Description

Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative access.

Exploits (1)

exploitdb WORKING POC
by sigeri94 · text · webapps · multiple
https://www.exploit-db.com/exploits/49759

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Blitar Tourism 1.0
No auth needed
Prerequisites: Access to the login page of the target application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/49759

Scores

CVSS v3: 8.2
EPSS: 0.0035
EPSS Percentile: 26.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): satndy/Aplikasi-Biro-Travel 1.0
Published: Jan 21, 2026
Tracked Since: Feb 18, 2026