CVE-2020-25760

Published: Sep 29, 2020

Modified: Nov 11, 2025

PUBLISHED

Description

Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20200922 Visitor Management System in PHP 1.0 - Authenticated SQL Injection

mailing-list

http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html

https://packetstormsecurity.com/files/author/15149/

http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html

https://www.exploit-db.com/exploits/48911

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-25760

Description

Affected Products

References