Vulnerability Summary
An SQL injection vulnerability exists in the login form of the Resumes Management and Job Application Website application by EGavilan Media. The username field is not neutralized before it is placed into the authentication query, so an unauthenticated attacker can bypass the login check and obtain administrative access without knowing any password.
An SQL injection attack consists of supplying SQL syntax through client-controlled input so that it becomes part of the query the application sends to its database. When input is concatenated into the query string instead of being bound as a parameter, the attacker can change the query's logic: read or modify data they should not reach, escalate privileges within the application, and, depending on the database and its configuration, execute system-level commands.
CVSS v3.1 Metrics
| Metric | Value |
|---|---|
| Base Score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Weakness Enumeration
| CWE ID | Description |
|---|---|
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Proof of Concept (PoC)
Steps to Reproduce
- Download, install, and run the Resumes Management and Job Application Website application.
- Navigate to:
http://localhost/login.html
- Enter the following credentials in the login form:
- Username:
admin'-- -
- Password: any value
- Click the Login button.
The payload works because the single quote closes the string literal that the application opens around the username, and `-- ` starts a MySQL line comment, so the rest of the query (including the password comparison) is discarded. The trailing `-` ensures the whitespace MySQL requires after `--` survives even if the input is trimmed. The application then authenticates the request as the admin user without a valid password and grants unauthorized administrative access.
Suggested Mitigations
- Use prepared statements with parameterized queries for every query that includes user input; this is the primary fix, because the username and password are then bound as data and can never alter the query structure.
- Implement stored procedures for database operations, with the caveat that a procedure that builds dynamic SQL from its arguments is just as injectable as inline string concatenation.
- Apply allow-list input validation on all user input as defense in depth (for example, restricting usernames to an expected character set and length); validation alone is not a substitute for parameterization.
- Escape user-supplied input only as a last resort where parameterization is impossible, using the database driver's own escaping routine rather than a hand-written one, since escaping rules are database-specific.
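The following added example (not code from the EGavilan Media project) illustrates both the authentication bypass from the Proof of Concept and the prepared-statement mitigation. It uses Python's built-in sqlite3 module with a constructed users table so it runs offline; the table layout, column names, and stored plaintext passwords are assumptions made to keep the example short, not the application's real schema. The `vulnerable_login` function builds the query by string concatenation, which is the flaw class (CWE-89) described above; `safe_login` binds the same inputs as parameters. SQLite, like MySQL, treats `--` as the start of a line comment, so the same `admin'-- -` payload truncates the query in both.

```python
import sqlite3

# Constructed sample schema and data for the demonstration (assumption:
# not the real application's schema; passwords are plaintext only to keep
# the example short, a real system would store and compare hashes).
SCHEMA = """
CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL,
    password TEXT NOT NULL,
    role     TEXT NOT NULL
);
INSERT INTO users VALUES (1, 'admin', 'CorrectHorseBatteryStaple', 'admin');
INSERT INTO users VALUES (2, 'alice', 'alicepw', 'applicant');
"""

# Payload from the Proof of Concept: closes the string literal, then
# comments out everything after it (including the password predicate).
PAYLOAD = "admin'-- -"


def make_db():
    """Create an in-memory database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def build_vulnerable_query(username, password):
    """Return the SQL text a concatenating login handler would send.

    Shown separately so the effect of the payload on the query is visible.
    """
    return (
        "SELECT id, username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )


def vulnerable_login(conn, username, password):
    """Authenticate by string concatenation (CWE-89). Returns the row or None."""
    return conn.execute(build_vulnerable_query(username, password)).fetchone()


def safe_login(conn, username, password):
    """Authenticate with a parameterized query: inputs are bound as data.

    The placeholder values can never change the query's structure, so the
    same payload is simply compared, literally, against the username column.
    """
    query = "SELECT id, username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demonstrate():
    """Run the bypass against both handlers and report what each returns."""
    conn = make_db()
    return {
        "query_sent": build_vulnerable_query(PAYLOAD, "anything"),
        "vulnerable": vulnerable_login(conn, PAYLOAD, "anything"),
        "safe": safe_login(conn, PAYLOAD, "anything"),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

Running the block shows the concatenated query ending in `WHERE username = 'admin'-- -' AND password = 'anything'`, which the database evaluates as `WHERE username = 'admin'`, so `vulnerable_login` returns the admin row for any password while `safe_login` returns nothing. Note that moving the password comparison out of SQL (fetch by username, then verify a hash in application code) would not be a complete fix on its own: the username predicate is still injectable, so the query must be parameterized regardless.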
References
- https://github.com/EGavilan-Media/Resumes-Management-and-Job-Application-Website-with-PHP-Bootstrap-and-MySQL
- https://www.cve.org/CVERecord?id=CVE-2021-41433
- https://nvd.nist.gov/vuln/detail/CVE-2021-41433
- https://portswigger.net/web-security/sql-injection
- https://portswigger.net/support/using-sql-injection-to-bypass-authentication