Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-44321

Good to know:

icon

Date: March 4, 2022

Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items.

Language: PHP

Severity Score

Related Resources (4)

https://huntr.dev/bounties/1d84931c-ee10-4944-9764-d96612cdbc71/
https://nvd.nist.gov/vuln/detail/CVE-2021-44321
https://1410inc.xyz/mini-inventory-and-sales-management-system/
https://www.mend.io/vulnerability-database/CVE-2021-44321

Severity Score

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

icon

Upgrade Version

Upgrade to version xiabin/ci_fastdev - no_fix;ellislab/codeigniter - dev-3.1-stable;ellislab/codeigniter - 3.1.3;georde/geosan - 1.1.7;schema31/php-ci-restserver - 3.0.1;hanischit/codeigniter-restserver - 3.0.1;ctberdon/sample-blog - no_fix;nielbuys/framework - dev-3.1-stable;nielbuys/framework - 3.1.3;atha/ci-rest-server - no_fix;chriskacerguis/codeigniter-restserver - 3.0.1;sproypef/ci_lte2 - no_fix;codeigniter31/framework - dev-3.1-stable;codeigniter31/framework - 3.1.3;wangshixiang/codeigniter-restserver - 3.0.1;codeigniter/framework - 3.1.3;codeigniter/framework - dev-3.1-stable;fbc-sis/codeigniter - 3.1.3;fbc-sis/codeigniter - dev-3.1-stable;webdmg/base - 3.0.7;lidan86/rest-codeigneter - no_fix;bcit-ci/codeigniter - 3.1.3;bcit-ci/codeigniter - dev-3.1-stable;sjtu-umji-tech/ji-life - dev-inspinia;medansoftware/codeigniter-hmvc-restserver - 3.0.1;smarthacks/smartpatch - no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us