CVE-2021-44600

{"id": "CVE-2021-44600", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-12-23T14:15:07.303", "references": [{"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/MSMS", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system."}, {"lang": "es", "value": "El par\u00e1metro password Simple Online Mens Salon Management System (MSMS) versi\u00f3n 1.0, parece ser vulnerable a ataques de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro password. Las pruebas de predicci\u00f3n de esta aplicaci\u00f3n interactuaron con ese dominio, lo que indica que se ejecut\u00f3 la consulta SQL inyectada. El atacante puede recuperar toda la autenticaci\u00f3n e informaci\u00f3n sobre los usuarios de este sistema"}], "lastModified": "2022-01-04T16:49:04.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:online_mens_salon_management_system_project:online_mens_salon_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93560DB9-A83F-4729-A624-2C2B1C84DA96"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}