PT-2020-11930 · Phpgurukul · Phpgurukul Daily Expense Tracker System

Published: 2020-03-05 · Updated: 2020-03-06 · CVE-2020-10106

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PHPGurukul Daily Expense Tracker System version 1.0
Description: The issue allows for SQL injection, as demonstrated by the email parameter in "index.php" or "register.php", enabling the dumping of the MySQL database and bypassing the login prompt.
Recommendations: For PHPGurukul Daily Expense Tracker System version 1.0, consider restricting access to the email parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the email parameter in "index.php" or "register.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
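To make the bug class concrete, here is an added PHP example (not PHPGurukul's code) that places a login lookup which concatenates the email parameter into the SQL text beside the same lookup done with a PDO prepared statement, plus the duplicate-email check a registration page would run; the table and column names (tblusers, email, password) and the use of SQLite for the demo are assumptions.

```php
<?php
// Added illustration, not the PHPGurukul code. Schema and names are assumed.

// Vulnerable pattern: the email parameter is spliced into the SQL string, so the
// database parses whatever the client sent as part of the query syntax. A quote
// in the input changes the statement's structure instead of being matched as data.
function findUserVulnerable(PDO $db, string $email, string $passwordHash): ?array {
    $sql = "SELECT id, email FROM tblusers WHERE email = '$email' AND password = '$passwordHash'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened pattern: the query text is fixed at prepare time; the values are bound
// separately and can never alter the statement's structure.
function findUserSafe(PDO $db, string $email, string $passwordHash): ?array {
    $stmt = $db->prepare('SELECT id, email FROM tblusers WHERE email = :email AND password = :pw');
    $stmt->execute([':email' => $email, ':pw' => $passwordHash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// register.php equivalent: the "is this email already taken?" check, same fix.
function emailExistsSafe(PDO $db, string $email): bool {
    $stmt = $db->prepare('SELECT 1 FROM tblusers WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchColumn() !== false;
}

// Demo on an in-memory SQLite database with constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblusers (id INTEGER PRIMARY KEY, email TEXT, password TEXT)');
$db->exec("INSERT INTO tblusers (email, password) VALUES ('alice@example.com', 'hash1')");

// A legitimate address containing a quote is handled as plain data by the safe
// version; the vulnerable version would instead raise a syntax error or worse.
var_dump(findUserSafe($db, 'alice@example.com', 'hash1') !== null);
var_dump(findUserSafe($db, "o'brien@example.com", 'hash1') === null);
var_dump(emailExistsSafe($db, 'alice@example.com'));
try {
    findUserVulnerable($db, "o'brien@example.com", 'hash1');
} catch (PDOException $e) {
    echo "vulnerable query broke on a quote in the input: " . $e->getMessage() . PHP_EOL;
}
```

The same replacement of string concatenation with bound parameters applies to every query that reads the email parameter in index.php and register.php.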

Exploit

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2020-10106

Affected Products

Mysql Server
Phpgurukul Daily Expense Tracker System