CVE-2020-25760
N/A
N/A
Summary
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://seclists.org/fulldisclosure/2020/Sep/43
- http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
- https://packetstormsecurity.com/files/author/15149/
- http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
References
- http://seclists.org/fulldisclosure/2020/Sep/43
- http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
- https://packetstormsecurity.com/files/author/15149/
- http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
- https://www.exploit-db.com/exploits/48911
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.