Unrated severityNVD Advisory· Published Dec 23, 2021· Updated Aug 4, 2024
CVE-2021-44599
CVE-2021-44599
Description
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Online Enrollment Management System/Online Enrollment Management Systemdescription
- Range: =1.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.