{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2021-47846", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-14T17:11:19.902Z", "datePublished": "2026-01-21T17:27:34.674Z", "dateUpdated": "2026-04-07T14:06:18.340Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:06:18.340Z" }, "title": "Digital Crime Report Management System 1.0 - SQL Injection", "descriptions": [ { "lang": "en", "value": "Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters across police, incharge, user, and HQ login endpoints." } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE" } ] } ], "affected": [ { "vendor": "I Want Source Codes", "product": "Digital Crime Report Management System", "versions": [ { "version": "1.0", "status": "affected" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "references": [ { "url": "https://www.exploit-db.com/exploits/49761", "name": "ExploitDB-49761", "tags": [ "exploit" ] }, { "url": "https://iwantsourcecodes.com/digital-crime-report-management-system-in-php-with-source-code/", "name": "Vendor Homepage", "tags": [ "product" ] }, { "url": "https://iwantfilemanager.com/?dl=b48d951cbdd50568b031aab3b619fed2", "name": "Software Download Link", "tags": [ "product" ] }, { "name": "VulnCheck Advisory: Digital Crime Report Management System 1.0 - SQL Injection", "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/digital-crime-report-management-system-sql-injection" } ], "credits": [ { "lang": "en", "value": "Galuh Muhammad Iman Akbar (GaluhID)", "type": "finder" } ], "x_generator": { "engine": "vulncheck" }, "datePublic": "2021-04-14T00:00:00.000Z" }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-01-22T15:53:24.785119Z", "id": "CVE-2021-47846", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T15:53:32.751Z" } } ] } }