CVE-2020-25762
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the POST request to /admin/ajax.php?action=login to bypass authentication, extract sensitive information, etc.
Affected products
n/a · n/a
Public PoCs found — 3
cve_reference: packetstormsecurity.com/files/159261/Seat-Reservation-System-1.0-SQL-Injection.html (unverified)
cve_reference: packetstormsecurity.com/files/author/15149 (unverified)
exploitdb: www.exploit-db.com/exploits/48889 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.