What is CVE-2021-37806?

CVE-2021-37806 is an SQL Injection vulnerability in the Vehicle Parking Management System version 1.0.

What is the severity of CVE-2021-37806?

CVE-2021-37806 has a severity rating of 5.9, which is classified as medium.

How does CVE-2021-37806 affect the Vehicle Parking Management System?

CVE-2021-37806 allows for time-based SQL injection attacks on multiple endpoints in the Vehicle Parking Management System.

What is the CWE ID associated with CVE-2021-37806?

CVE-2021-37806 is associated with CWE ID 89, which is the code for Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').

Are there any references or additional resources for CVE-2021-37806?

Additional resources for CVE-2021-37806 can be found at the following links: [https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37806](https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37806), [https://packetstormsecurity.com/files/163626/Vehicle-Parking-Management-System-1.0-SQL-Injection.html](https://packetstormsecurity.com/files/163626/Vehicle-Parking-Management-System-1.0-SQL-Injection.html), [https://streamable.com/rfcchi](https://streamable.com/rfcchi)

Vulnerability/
CVE-2021-37806

medium

5.9

CWE

27/10/2021

4/8/2024

CVE-2021-37806: SQL Injection

First published: Wed Oct 27 2021(Updated: )

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Vehicle Parking Management System Project Vehicle Parking Management System	=1.0
PHPGurukul Vehicle Parking Management System	=1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-37806?
CVE-2021-37806 is an SQL Injection vulnerability in the Vehicle Parking Management System version 1.0.
What is the severity of CVE-2021-37806?
CVE-2021-37806 has a severity rating of 5.9, which is classified as medium.
How does CVE-2021-37806 affect the Vehicle Parking Management System?
CVE-2021-37806 allows for time-based SQL injection attacks on multiple endpoints in the Vehicle Parking Management System.
What is the CWE ID associated with CVE-2021-37806?
CVE-2021-37806 is associated with CWE ID 89, which is the code for Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
Are there any references or additional resources for CVE-2021-37806?
Additional resources for CVE-2021-37806 can be found at the following links: [https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37806](https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37806), [https://packetstormsecurity.com/files/163626/Vehicle-Parking-Management-System-1.0-SQL-Injection.html](https://packetstormsecurity.com/files/163626/Vehicle-Parking-Management-System-1.0-SQL-Injection.html), [https://streamable.com/rfcchi](https://streamable.com/rfcchi)

collector/nvd-index
collector/nvd-api
agent/author
agent/severity
agent/weakness
agent/references
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/description
agent/tags
agent/type
agent/event
collector/mitre-cve
source/MITRE
vendor/vehicle parking management system project
canonical/vehicle parking management system project vehicle parking management system
version/vehicle parking management system project vehicle parking management system/1.0
vendor/phpgurukul
canonical/phpgurukul vehicle parking management system
version/phpgurukul vehicle parking management system/1.0