Skip to main content

Casap Automated Enrollment System CVE-2021-26201

CRITICAL
SQL Injection (CWE-89)
2021-02-15 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 15, 2021 - 21:15 nvd
CRITICAL 9.8

DescriptionNVD

The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.

AnalysisAI

The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page. Affected products include: Casap Automated Enrollment System Project Casap Automated Enrollment System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2021-26223 CRITICAL POC
9.8 Jul 22

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute

CVE-2021-26226 CRITICAL POC
9.8 Jul 22

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute

CVE-2021-26229 CRITICAL POC
9.8 Jul 22

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute

CVE-2021-26228 CRITICAL POC
9.8 Jul 22

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute

CVE-2021-27332 MEDIUM POC
6.1 Jul 22

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attacke

CVE-2021-40261 MEDIUM POC
6.1 Nov 08

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via th

CVE-2021-26230 MEDIUM POC
6.1 Jul 22

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attacke

CVE-2021-26227 MEDIUM POC
6.1 Jul 22

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attacke

CVE-2021-3294 MEDIUM POC
5.4 Feb 09

CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. Rated medium severity (CVS

CVE-2021-27129 MEDIUM POC
5.4 Apr 15

CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students >

Share

CVE-2021-26201 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy