Vulnerability Description
Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Online Bus Booking System Project | Online Bus Booking System | 1.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/160397/Online-Bus-Booking-System-Project-UsExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Dec/4Mailing ListThird Party Advisory
- https://seclists.org/fulldisclosure/2020/Dec/4Mailing ListThird Party Advisory
- https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-usingThird Party Advisory
- http://packetstormsecurity.com/files/160397/Online-Bus-Booking-System-Project-UsExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Dec/4Mailing ListThird Party Advisory
- https://seclists.org/fulldisclosure/2020/Dec/4Mailing ListThird Party Advisory
- https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-usingThird Party Advisory
FAQ
What is CVE-2020-25889?
CVE-2020-25889 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can g...
How severe is CVE-2020-25889?
CVE-2020-25889 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-25889?
Check the references section above for vendor advisories and patch information. Affected products include: Online Bus Booking System Project Online Bus Booking System.