cvedb.io
CVE-2021-45253
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2021-12-21T12:15:07.527 · Last modified 2026-06-17T04:13:13.307

Summary

The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.

Affected products

simple_cold_storage_management_system_project — simple_cold_storage_managment_system

Does this affect you?

Add your gear to cvedb and we'll alert you only when simple_cold_storage_management_system_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.