First published: Mon Dec 13 2021
SQL injection authentication bypass vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in to an admin account on this system and can destroy, change or manipulate all sensitive information on the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPGURUKUL Employee Record Management System | =1.2 | |
The severity of CVE-2021-44966 is critical with a CVSS score of 9.8.
CVE-2021-44966 allows an attacker to bypass authentication and log in to an admin account, giving them the ability to manipulate sensitive information on the system.
An attacker can exploit CVE-2021-44966 by injecting malicious SQL through index.php in PHPGURUKUL Employee Record Management System 1.2.
The Common Weakness Enumeration (CWE) ID associated with CVE-2021-44966 is CWE-89.
Currently, there is no official fix available for CVE-2021-44966. It is recommended to apply security patches or updates provided by the vendor, if any.