Skip to main content

Vehicle Parking Management System CVE-2021-37806

MEDIUM
SQL Injection (CWE-89)
2021-10-27 cve@mitre.org
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 27, 2021 - 17:15 nvd
MEDIUM 5.9

DescriptionNVD

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.

AnalysisAI

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. Affected products include: Phpgurukul Vehicle Parking Management System. Version information: version 1.0..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2025-45885 CRITICAL POC
9.8 May 09

PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Rat

CVE-2025-4705 MEDIUM POC
6.9 May 15

A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. Rated medium severity (CVSS 6.9), this v

CVE-2025-4703 MEDIUM POC
6.9 May 15

A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Rated me

CVE-2025-4702 MEDIUM POC
6.9 May 15

A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Rated

CVE-2025-4704 MEDIUM POC
6.9 May 15

A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Rated medium

CVE-2020-23936 CRITICAL
9.8 Aug 20

PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Passwo

CVE-2024-53365 MEDIUM POC
5.4 Nov 26

A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 i

CVE-2024-53364 MEDIUM POC
5.4 Dec 02

A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php.

CVE-2021-37805 MEDIUM POC
5.4 Oct 27

A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected vers

CVE-2021-27822 MEDIUM POC
4.8 Aug 19

A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System

CVE-2025-1163 MEDIUM POC
4.8 Feb 11

A vulnerability classified as critical was found in code-projects Vehicle Parking Management System 1.0. Rated medium se

Share

CVE-2021-37806 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy