Digital Crime Report Management System 1.0 - SQL Injection | Advisories

Advisories

Digital Crime Report Management System 1.0 - SQL Injection

severity: high
date: January 21, 2026
Affecting: Digital Crime Report Management System 1.0
CVE: CVE-2021-47846
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS: 8.8
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-49761
Vendor Homepage
Software Download Link
Credit: Galuh Muhammad Iman Akbar (GaluhID)
Description: Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters across police, incharge, user, and HQ login endpoints.