CVE-2021-41651: SQL Injection
First published: Mon Oct 04 2021(Updated: )
A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hotel Management System Project Hotel Management System | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability?
The vulnerability ID for this SQL injection vulnerability is CVE-2021-41651.
What is the affected software?
The affected software is Hotel Management System.
How severe is this vulnerability?
This vulnerability has a severity rating of 7.5 (high).
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by manipulating the cid parameter in process_update_profile.php to perform a blind SQL injection attack.
Are there any known fixes for this vulnerability?
At the moment, there are no known fixes or patches available for this vulnerability. It is recommended to monitor official sources for any updates or patches.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/hotel management system project
- canonical/hotel management system project hotel management system