Vulnerability Details CVE-2020-29285
SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/BigTiger2020/Point-of-Sales/blob/main/README.md
- https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql
- https://www.sourcecodester.com/php/14540/point-sales-phppdo-full-source-code-2020.html
- https://github.com/BigTiger2020/Point-of-Sales/blob/main/README.md
- https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql
Products affected by CVE-2020-29285
-
cpe:2.3:a:point_of_sales_in_php/pdo_project:point_of_sales_in_php/pdo:1.0