CVE-2021-44161 HIGH

CVE-2021-44161: Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection

Vendor Changing
Product MOTP(Mobile One Time Password)
Weakness CWE-89 · SQLi
Published December 29, 2021
Last update September 16, 2024

CVSS base score

8.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.

Key dates

02Disclosure timeline

December 29, 2021 CVE published
September 16, 2024 Record updated