CVE-2020-25760

Опубликовано: 30 сент. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.

Ссылки

http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Sep/43
Exploit
Mailing List
Third Party Advisory
https://packetstormsecurity.com/files/author/15149/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/48911
http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Sep/43
Exploit
Mailing List
Third Party Advisory
https://packetstormsecurity.com/files/author/15149/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectworlds:visitor_management_system_in_php:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00366

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-rwj7-6838-wfrj