Vulnerability Description
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simple College Project | Simple College | 1.0 |
Related Weaknesses (CWE)
References
- https://dl.packetstormsecurity.net/2010-exploits/simplecollegewebsite10-sqlexec.ExploitThird Party Advisory
- https://github.com/yunaranyancat/poc-dump/blob/main/simplecollegewebsite/sqli_rcExploitThird Party Advisory
- https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysProductThird Party Advisory
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-colThird Party Advisory
- https://dl.packetstormsecurity.net/2010-exploits/simplecollegewebsite10-sqlexec.ExploitThird Party Advisory
- https://github.com/yunaranyancat/poc-dump/blob/main/simplecollegewebsite/sqli_rcExploitThird Party Advisory
- https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysProductThird Party Advisory
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-colThird Party Advisory
FAQ
What is CVE-2020-28172?
CVE-2020-28172 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus ga...
How severe is CVE-2020-28172?
CVE-2020-28172 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-28172?
Check the references section above for vendor advisories and patch information. Affected products include: Simple College Project Simple College.