PT-2020-14098 · Sourcecodester · Sourcecodester Pisay Online E-Learning System

Boku · Published 2020-06-22 · Updated 2020-09-03 · CVE-2020-14972

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sourcecodester Pisay Online E-Learning System version 1.0

Description

The issue allows remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user email, user pass, and id parameters on the admin login-portal and the edit-lessons webpages. This is due to multiple SQL injection vulnerabilities.

Recommendations

For Sourcecodester Pisay Online E-Learning System version 1.0, as a temporary workaround, consider restricting access to the admin login-portal and the edit-lessons webpages to minimize the risk of exploitation. Avoid using the user email, user pass, and id parameters in the affected webpages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-14972

Affected Products

Sourcecodester Pisay Online E-Learning System