CVE-2021-4290 - Vulnerability Details - OpenCVE

A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is 5c13c6a972ef4c07c5f35b417916e0598af9e123. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216907.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fallstudie Project	Fallstudie

Configuration 1 [-]

cpe:2.3:a:fallstudie_project:fallstudie:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/maboehm/fallstudie/commit/5c13c6a972ef4c07c5f35b417916e0598af9e123
https://vuldb.com/?ctiid.216907
https://vuldb.com/?id.216907

History

Tue, 15 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-12-27T22:37:48.115Z

Updated: 2025-04-14T16:24:13.435Z

Reserved: 2022-12-27T22:36:03.849Z

Link: CVE-2021-4290

Vulnrichment

Updated: 2024-08-03T17:23:10.419Z

NVD

Status : Modified

Published: 2022-12-27T23:15:10.607

Modified: 2024-11-21T06:37:19.913

Link: CVE-2021-4290

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-4290", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2022-12-27T22:36:03.849Z", "datePublished": "2022-12-27T22:37:48.115Z", "dateUpdated": "2025-04-14T16:24:13.435Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-27T22:37:48.115Z"}, "title": "DHBW Fallstudie Login passport.js sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 SQL Injection"}]}], "affected": [{"vendor": "n/a", "product": "DHBW Fallstudie", "versions": [{"version": "n/a", "status": "affected"}], "modules": ["Login"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is 5c13c6a972ef4c07c5f35b417916e0598af9e123. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216907."}, {"lang": "de", "value": "In DHBW Fallstudie wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei app/config/passport.js der Komponente Login. Durch das Beeinflussen des Arguments id/email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 5c13c6a972ef4c07c5f35b417916e0598af9e123 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}], "timeline": [{"time": "2022-12-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2022-12-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2022-12-27T23:42:44.000Z", "lang": "en", "value": "VulDB last update"}], "references": [{"url": "https://vuldb.com/?id.216907", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.216907", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/maboehm/fallstudie/commit/5c13c6a972ef4c07c5f35b417916e0598af9e123", "tags": ["patch"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.419Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.216907", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.216907", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/maboehm/fallstudie/commit/5c13c6a972ef4c07c5f35b417916e0598af9e123", "tags": ["patch", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T16:24:01.066236Z", "id": "CVE-2021-4290", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T16:24:13.435Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.216907", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.216907", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/maboehm/fallstudie/commit/5c13c6a972ef4c07c5f35b417916e0598af9e123", "tags": ["patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.419Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-4290", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-14T16:24:01.066236Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T16:24:07.301Z"}}], "cna": {"title": "DHBW Fallstudie Login passport.js sql injection", "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "n/a", "modules": ["Login"], "product": "DHBW Fallstudie", "versions": [{"status": "affected", "version": "n/a"}]}], "timeline": [{"lang": "en", "time": "2022-12-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2022-12-27T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2022-12-27T23:42:44.000Z", "value": "VulDB last update"}], "references": [{"url": "https://vuldb.com/?id.216907", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.216907", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/maboehm/fallstudie/commit/5c13c6a972ef4c07c5f35b417916e0598af9e123", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is 5c13c6a972ef4c07c5f35b417916e0598af9e123. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216907."}, {"lang": "de", "value": "In DHBW Fallstudie wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei app/config/passport.js der Komponente Login. Durch das Beeinflussen des Arguments id/email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 5c13c6a972ef4c07c5f35b417916e0598af9e123 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-27T22:37:48.115Z"}}}, "cveMetadata": {"cveId": "CVE-2021-4290", "state": "PUBLISHED", "dateUpdated": "2025-04-14T16:24:13.435Z", "dateReserved": "2022-12-27T22:36:03.849Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2022-12-27T22:37:48.115Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fallstudie_project:fallstudie:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5557890-EAD0-49B4-8464-ADD1C7E9CE36", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is 5c13c6a972ef4c07c5f35b417916e0598af9e123. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216907."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en DHBW Fallstudie. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo app/config/passport.js del componente Login es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id/email conduce a la inyecci\u00f3n de SQL. El nombre del parche es 5c13c6a972ef4c07c5f35b417916e0598af9e123. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-216907."}], "id": "CVE-2021-4290", "lastModified": "2024-11-21T06:37:19.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-27T23:15:10.607", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/maboehm/fallstudie/commit/5c13c6a972ef4c07c5f35b417916e0598af9e123"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.216907"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.216907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/maboehm/fallstudie/commit/5c13c6a972ef4c07c5f35b417916e0598af9e123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.216907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.216907"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Secondary"}]}