CVE-2021-47848 | THREATINT

Description

Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative access.

PUBLISHED Reserved 2026-01-14 | Published 2026-01-21 | Updated 2026-01-22 | Assigner VulnCheck

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

HIGH: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Problem types

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

1.0

affected

Credits

sigeri94 finder

References

www.exploit-db.com/exploits/49759 (ExploitDB-49759) exploit

github.com/satndy/Aplikasi-Biro-Travel (Aplikasi Biro Travel GitHub Repository) product

www.vulncheck.com/...itar-tourism-authentication-bypass-sqli (VulnCheck Advisory: Blitar Tourism 1.0 - Authentication Bypass SQLi) third-party-advisory

cve.org (CVE-2021-47848)

nvd.nist.gov (CVE-2021-47848)

Download JSON