CVEs-PoC/2021/CVE-2021-25898.md

### [CVE-2021-25898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25898)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.

### POC

#### Reference
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765

#### Github
No PoCs found on GitHub currently.