PT-2020-16186 · Projectworlds · Projectworlds Visitor Management System

Ava Tester One +1 · Published 2020-09-29 · Updated 2026-01-23 · CVE-2020-25760

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Projectworlds Visitor Management System version 1.0

Description
The issue allows for SQL Injection due to a lack of input validation on the rid parameter in the front.php file. This enables an attacker to append SQL queries to the input, potentially extracting sensitive information from the database.

Recommendations
For version 1.0, ensure input validation is performed on the rid parameter in the front.php file to prevent SQL Injection attacks. As a temporary workaround, consider restricting access to the front.php file until a patch is available.
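
One way to implement the validation recommended above, as an added example that is not the project's code or a vendor patch. It assumes rid is a positive integer record id; the function names, the visitors table and its columns, and the in-memory SQLite database are hypothetical stand-ins. Beyond validation, it binds the value as a query parameter, the standard mitigation for SQL injection.

```php
<?php
declare(strict_types=1);

// Added example. Assumption: rid is a positive integer record id.
// Returns the validated id, or null when rid is missing or malformed.
function validate_rid(array $query): ?int
{
    $raw = $query['rid'] ?? null;
    if (!is_string($raw)) {   // rejects a missing rid and array input (rid[]=...)
        return null;
    }
    $rid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $rid === false ? null : $rid;
}

// Looks up one record with rid bound as an integer parameter, never concatenated.
// Table and column names are hypothetical.
function find_record(PDO $db, int $rid): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM visitors WHERE id = :rid');
    $stmt->bindValue(':rid', $rid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data: in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visitors (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO visitors (id, name) VALUES (1, 'Sample Visitor')");

// Constructed inputs, shaped like $_GET as front.php would receive it.
$samples = [['rid' => '1'], ['rid' => "1'"], ['rid' => '1 2'], ['rid' => ['1']], []];
foreach ($samples as $query) {
    $rid = validate_rid($query);
    if ($rid === null) {
        // A real handler would answer HTTP 400 here and run no query at all.
        echo json_encode($query), " => rejected\n";
        continue;
    }
    echo json_encode($query), ' => ', json_encode(find_record($db, $rid)), "\n";
}
```

Only the first sample reaches the database; the other four are rejected before any SQL is built.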

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2020-25760

Affected Products: Projectworlds Visitor Management System