exploitDog

CVE-2020-10106

Опубликовано: 05 мар. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt.

Ссылки

https://frostylabs.net/writeups/cve-2020-10106/
Exploit
Third Party Advisory
https://frostylabs.net/writeups/cve-2020-10106/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:daily_expense_tracker_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.0011

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-xvvh-54m6-j663

github

больше 3 лет назад

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt.

EPSS

Процентиль: 30%

0.0011

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89