Vulnerability Details CVE-2020-23833
Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.061
EPSS Ranking 90.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://packetstormsecurity.com/files/158811/House-Rental-1.0-SQL-Injection.html
- https://projectworlds.in
- https://projectworlds.in/wp-content/uploads/2019/06/home-rental.zip
- https://packetstormsecurity.com/files/158811/House-Rental-1.0-SQL-Injection.html
- https://projectworlds.in
- https://projectworlds.in/wp-content/uploads/2019/06/home-rental.zip
Products affected by CVE-2020-23833
-
cpe:2.3:a:projectworlds:house_rental:1.0