PT-2020-16056 · Sourcecodester · Sourcecodester Online Bus Booking System

Ko-Kn3T · Published 2020-10-08 · Updated 2021-07-21 · CVE-2020-25273

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester Online Bus Booking System version 1.0

Description

The issue concerns an authentication bypass on the Admin Login screen. This is achieved through SQL injection in the username or password fields in the admin.php file.

Recommendations

For SourceCodester Online Bus Booking System version 1.0, consider implementing proper input validation and sanitization to prevent SQL injection attacks, and ensure that authentication mechanisms are secure to prevent bypass.
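
One way to apply the recommendation above to an admin login check, as an added example rather than code from the application or from this advisory: the username is passed through a bound placeholder and the password is verified against a stored hash instead of being placed in the query. The in-memory SQLite database, the `admin` table layout, the `admin_login` function and the sample credentials are assumptions constructed for illustration.

```php
<?php
// Added example: hardened admin login check. The table and column names
// (admin, username, password_hash) are assumptions, not the application's schema.

// Constructed in-memory database so the example runs offline (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

/**
 * Returns the admin id when the credentials are valid, null otherwise.
 */
function admin_login(PDO $pdo, string $username, string $password): ?int
{
    // Input validation: reject empty or oversized values before touching the database.
    if ($username === '' || strlen($username) > 64 || strlen($password) > 256) {
        return null;
    }

    // Bound placeholder: the username is sent as data and never parsed as SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM admin WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password never enters the query; it is checked against the stored hash.
    // A dummy hash is verified when no row matched so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('dummy-value', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row['password_hash'] ?? $dummy);

    return ($row && $ok) ? (int) $row['id'] : null;
}

// Correct credentials for the constructed account.
var_dump(admin_login($pdo, 'admin', 'constructed-sample-password'));
// Wrong password for an existing account.
var_dump(admin_login($pdo, 'admin', 'wrong-password'));
// A username containing a quote character is matched literally and finds no row.
var_dump(admin_login($pdo, "ad'min", 'anything'));
```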

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-25273

Affected Products

Sourcecodester Online Bus Booking System