Details of VAR-202110-1573

ID

VAR-202110-1573

CVE

CVE-2021-37806

TITLE

Vehicle Parking Management System In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-014528

DESCRIPTION

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database

Trust: 1.71

sources: NVD: CVE-2021-37806 // JVNDB: JVNDB-2021-014528 // VULMON: CVE-2021-37806

IOT TAXONOMY

category:

['vehicle device']

sub_category:

vehicle

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	phpgurukul	model:	vehicle parking management system	scope:	eq	version:	1.0	Trust: 1.8
vendor:	phpgurukul	model:	vehicle parking management system	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014528 // NVD: CVE-2021-37806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37806
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-37806
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202110-2010
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-37806
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-37806
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-37806
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-37806
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-37806 // JVNDB: JVNDB-2021-014528 // CNNVD: CNNVD-202110-2010 // NVD: CVE-2021-37806

PROBLEMTYPE DATA

problemtype:	CWE-89	Trust: 1.0
problemtype:	SQL injection (CWE-89) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-014528 // NVD: CVE-2021-37806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2010

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202110-2010

PATCH

title:	Vehicle Parking Management system	url:	https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/	Trust: 0.8
title:	Vehicle Parking Management System SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168166	Trust: 0.6
title:	CVE-nu11secur1ty	url:	https://github.com/nu11secur1ty/CVE-nu11secur1ty	Trust: 0.1
title:	Windows10Exploits Download a single CVE	url:	https://github.com/nu11secur1ty/Windows10Exploits	Trust: 0.1
title:	OPSEC-Hall-of-fame 😎	url:	https://github.com/Offensive-Penetration-Security/OPSEC-Hall-of-fame	Trust: 0.1
title:	CVE-Mitre Download single CVE	url:	https://github.com/nu11secur1ty/CVE-mitre	Trust: 0.1
title:	CVE-Mitre Download single CVE	url:	https://github.com/nu11secur1ty/CVE	Trust: 0.1

sources: VULMON: CVE-2021-37806 // JVNDB: JVNDB-2021-014528 // CNNVD: CNNVD-202110-2010

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37806	Trust: 3.4
db:	PACKETSTORM	id:	163626	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-014528	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2010	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2021-37806	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-37806 // JVNDB: JVNDB-2021-014528 // CNNVD: CNNVD-202110-2010 // NVD: CVE-2021-37806

REFERENCES

url:	https://packetstormsecurity.com/files/163626/vehicle-parking-management-system-1.0-sql-injection.html	Trust: 2.5
url:	https://streamable.com/rfcchi	Trust: 1.7
url:	https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-37806	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37806	Trust: 1.4
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/89.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/nu11secur1ty/cve-nu11secur1ty	Trust: 0.1
url:	https://github.com/nu11secur1ty/windows10exploits	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-37806 // JVNDB: JVNDB-2021-014528 // CNNVD: CNNVD-202110-2010 // NVD: CVE-2021-37806

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2021-37806
db:	JVNDB	id:	JVNDB-2021-014528
db:	CNNVD	id:	CNNVD-202110-2010
db:	NVD	id:	CVE-2021-37806

LAST UPDATE DATE

2025-01-30T19:28:27.963000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-37806	date:	2023-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-014528	date:	2022-10-20T02:55:00
db:	CNNVD	id:	CNNVD-202110-2010	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2021-37806	date:	2023-11-14T17:07:02.550

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-37806	date:	2021-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-014528	date:	2022-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202110-2010	date:	2021-10-27T00:00:00
db:	NVD	id:	CVE-2021-37806	date:	2021-10-27T17:15:10.617