CVE-2020-37081

Fishing Reservation System 7.5 - 'uid' SQL Injection

CVSS 7.1 HIGHEPSS 0.2%CWE-89

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Fishing Reservation System · Fishing Reservation System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://fishingreservationsystem.com/index.html https://www.exploit-db.com/exploits/48417 https://www.vulncheck.com/advisories/fishing-reservation-system-uid-sql-injection https://www.vulnerability-lab.com/get_content.php?id=2243