PT-2020-17134 · Php/Pdo · Point Of Sales

Bigtiger2020 · Published 2020-12-02 · Updated 2020-12-04 · CVE-2020-29285

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Point of Sales in PHP/PDO version 1.0
Description: A SQL injection vulnerability was found in the id parameter of the "edit category.php" endpoint. The value of id reaches a database query without being parameterized, so an attacker who controls it can alter the query's logic. The CVSS vector rates the issue as reachable over the network without authentication or user interaction (AV:N/PR:N/UI:N), with high impact on confidentiality, integrity and availability of the database contents.
Recommendations: For Point of Sales in PHP/PDO version 1.0, restrict access to the "edit category.php" endpoint (for example to authenticated administrators, or at the network level) until a patch is available. If the endpoint must remain reachable, treat the id parameter as untrusted: validate it as an integer and pass it to the query as a bound parameter of a prepared statement instead of concatenating it into the SQL string. At the time of writing there is no information about a newer version that contains a fix for this issue.
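The following is an added example, not code from the Point of Sales project or from the advisory. It reproduces the vulnerability class described above against an in-memory SQLite database through PDO, placing the injectable pattern (the id parameter interpolated into the SQL text, which PDO does nothing to prevent) beside the hardened form the recommendation calls for. The table name `category`, its columns, the quoting style of the original query and the attacker payload are all assumptions constructed for the demonstration.

```php
<?php
// Added example (not the project's code): vulnerable vs. hardened handling of an
// "id" request parameter through PDO. Schema and data are constructed for the demo.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO category (id, name) VALUES (1, 'Drinks'), (2, 'Snacks'), (3, 'Tobacco')");

// Vulnerable pattern: the raw id is spliced into the SQL string. Using PDO is not
// a defence by itself; PDO::query() on an interpolated string is still injectable.
// (The quoted form 'WHERE id = '$id'' is an assumption about the original query.)
function loadCategoryVulnerable(PDO $pdo, string $rawId): array
{
    $sql = "SELECT id, name FROM category WHERE id = '$rawId'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the id is validated as a positive integer and then sent to the
// database as a bound parameter, so it is never parsed as SQL regardless of content.
function loadCategorySafe(PDO $pdo, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not an unsigned integer >= 1
    }
    $stmt = $pdo->prepare('SELECT id, name FROM category WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$benign  = '2';                // what a legitimate "edit category" link would carry
$payload = "2' OR '1'='1";     // constructed attacker input for the id parameter

// Vulnerable: the benign id returns one row; the payload rewrites the WHERE clause
// to  id = '2' OR '1'='1'  and returns every category.
echo "vulnerable, benign : " . count(loadCategoryVulnerable($pdo, $benign))  . " row(s)\n";
echo "vulnerable, payload: " . count(loadCategoryVulnerable($pdo, $payload)) . " row(s)\n";

// Hardened: the benign id still returns its row; the payload fails integer
// validation and never reaches the SQL parser.
echo "hardened,   benign : " . count(loadCategorySafe($pdo, $benign))  . " row(s)\n";
echo "hardened,   payload: " . count(loadCategorySafe($pdo, $payload)) . " row(s)\n";
```

Run it with `php example.php` on any PHP build with the pdo_sqlite extension. The integer check is the short-term mitigation a maintainer can apply to the endpoint in a single line; the prepared statement with a bound parameter is the proper fix, and both together mean a malformed id is rejected before any query is issued.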

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-29285

Affected Products

Point Of Sales