CVE-2021-36560

CVE

Critical

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover o…

CVSS

9.8

Critical

EPSS

0.01

p70

Published

2021-01-01

Updated

2021-01-01

Description

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.

Tags · CWE

Pre-auth

CWE-425

CAPEC-87

CAPEC-127

CAPEC-143

CAPEC-144

CAPEC-668

Affected products

Phone_shop_sales_management_system

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

2021-01-01

Published

2021-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.015 · p70

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1083File and Directory Discovery

└ via CAPEC-127 · CWE-425

T1565.002Transmitted Data Manipulation

└ via CAPEC-668 · CWE-425

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Phone_shop_sales_management_system_project

Phone Shop Sales Management System

Product	Vendor	Status
phone_shop_sales_management_system	*	Tracked

Source databases

CVE