CWE-89

CVE-2021-37808: SQL Injection

First published: Wed Oct 27 2021

SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters. For each parameter, the server response is delayed by about (N) seconds, which means it is vulnerable to MySQL time-based blind SQL injection. An attacker can use sqlmap to further the exploitation and extract sensitive information from the database.
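
As an added detection example (not part of the advisory or of the project's code), the following Python function scans web access log lines for requests in which one of the four affected parameters carries a MySQL delay function, and records whether the response was slow. The log layout, the `/example.php` path, the sample lines and the 3-second threshold are constructed assumptions; parameters sent only in POST bodies will not appear in a URL-only log.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory.
AFFECTED_PARAMS = {"category", "subcategory", "sucatdescription", "username"}
# MySQL functions that can induce a delay (time-based blind injection).
DELAY_RE = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.IGNORECASE)
# Assumed (constructed) log layout: ip "METHOD url" status request_seconds
LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+)" (\d{3}) ([\d.]+)$')

# Constructed sample lines; /example.php is a placeholder path.
SAMPLE_LOG = [
    '198.51.100.7 "GET /example.php?category=3" 200 0.041',
    '203.0.113.9 "GET /example.php?category=1+AND+SLEEP(5)" 200 5.037',
    '203.0.113.9 "POST /example.php?username=x%27+OR+sleep%283%29%23" 200 0.120',
    '198.51.100.7 "GET /example.php?category=sleep+tips" 200 0.030',
    '198.51.100.8 "GET /example.php?q=sleep(1)" 200 0.020',
]


def scan(lines, slow_seconds=3.0):
    """Return one finding per affected parameter whose decoded value calls a delay function."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip, _method, url, _status, seconds = m.groups()
        # parse_qsl percent-decodes values, so encoded payloads are matched too.
        for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            if name.lower() in AFFECTED_PARAMS and DELAY_RE.search(value):
                findings.append({
                    "ip": ip,
                    "param": name.lower(),
                    # A slow response suggests the injected delay executed.
                    "slow": float(seconds) >= slow_seconds,
                })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `slow` set to true deserves priority review, since the delay indicates the injected expression reached the database.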

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix
News Portal Project News Portal | =3.1 |
PHPGurukul News Portal | =3.1 |

Frequently Asked Questions

  • What is the severity of CVE-2021-37808?

    CVE-2021-37808 has a high severity due to the existence of SQL Injection vulnerabilities that can be exploited to gain unauthorized access to database information.

  • How do I fix CVE-2021-37808?

    To fix CVE-2021-37808, developers should implement prepared statements or parameterized queries to prevent SQL Injection attacks.

  • What parameters are affected by CVE-2021-37808?

    CVE-2021-37808 affects the category, subcategory, sucatdescription, and username parameters in the News Portal Project 3.1.

  • What software versions are vulnerable to CVE-2021-37808?

    News Portal Project version 3.1 from PHPGurukul is vulnerable to CVE-2021-37808.

  • Can CVE-2021-37808 lead to data loss?

    Yes, CVE-2021-37808 can potentially lead to data loss or unauthorized data exposure through SQL Injection.
