CVE-2020-12429

Name of the Vulnerable Software and Affected Versions Online Course Registration version 2.0

Description The issue concerns multiple SQL injections that can lead to a complete database compromise and authentication bypass in various login pages, including admin/change-password.php, admin/check availability.php, admin/index.php, change-password.php, check availability.php, includes/header.php, index.php, and pincode-verification.php.

Recommendations For Online Course Registration version 2.0, consider disabling access to the affected login pages until a patch is available. Restrict access to the SQL database to minimize the risk of exploitation. Avoid using user-input data directly in SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.