PT-2020-16055 · Sourcecodester · Sourcecodester Online Bus Booking System

Ko-Kn3T · Published 2020-10-08 · Updated 2020-10-16 · CVE-2020-25272

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SourceCodester Online Bus Booking System version 1.0

Description

An attacker can inject malicious code through the name parameter of the "book now.php" endpoint. The entry is tagged XSS, and its CVSS vector rates the issue as reachable over the network without privileges but requiring user interaction.

Recommendations

For SourceCodester Online Bus Booking System version 1.0, validate and sanitize user input for the name parameter in the "book now.php" file to prevent code injection. As a temporary workaround, restrict access to the "book now.php" endpoint until a proper fix is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-25272

Affected Products

Sourcecodester Online Bus Booking System