Vulnerability Details CVE-2020-25889
Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/160397/Online-Bus-Booking-System-Project-Using-PHP-MySQL-1.0-SQL-Injection.html
- http://seclists.org/fulldisclosure/2020/Dec/4
- https://seclists.org/fulldisclosure/2020/Dec/4
- https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html
- http://packetstormsecurity.com/files/160397/Online-Bus-Booking-System-Project-Using-PHP-MySQL-1.0-SQL-Injection.html
- http://seclists.org/fulldisclosure/2020/Dec/4
- https://seclists.org/fulldisclosure/2020/Dec/4
- https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html
Products affected by CVE-2020-25889
-
cpe:2.3:a:online_bus_booking_system_project:online_bus_booking_system:1.0