QwikSec

Security Database

CVE

CWE

Training

CVE-2020-25762

Published: Sep 29, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/159261/Seat-Reservation-System-1.0-SQL-Injection.html

x_refsource_MISC

20200922 Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)

mailing-list

x_refsource_FULLDISC

https://packetstormsecurity.com/files/author/15149

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.