Описание
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:seat_reservation_system_project:seat_reservation_system:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.17864
Средний
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.
EPSS
Процентиль: 95%
0.17864
Средний
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-89