PT-2020-6797 · Unknown · Project Worlds Official Car Rental System 1

Published: 2020-04-05 · Updated: 2020-04-06 · CVE-2020-11545

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Project Worlds Official Car Rental System 1

Description: The issue is related to multiple SQL injection problems. Specifically, it affects the email and parameters in account.php, the uname and pass parameters in login.php, and the id parameter in book car.php. This allows an attacker to dump the MySQL database and bypass the login authentication prompt. The vulnerability exists because these parameters are handled without any protection of the SQL query structure, which enables a remote attacker to circumvent security restrictions during system login.

Recommendations: For Project Worlds Official Car Rental System 1, consider disabling the vulnerable parameters email, uname, pass, and id in the respective files account.php, login.php, and book car.php until a patch is available. Restrict access to these files to minimize the risk of exploitation. Avoid using the parameters uname, pass, and id in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
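The following is an added illustration, not code from Project Worlds or from this record, of the login.php pattern the description refers to: request parameters concatenated into the SQL text beside the hardened form that a patch would use. The application itself is PHP against MySQL; the example uses Python with an in-memory SQLite table (constructed users, column names and query shape are all assumptions) so it runs stand-alone, and the same fix applies in PHP via PDO prepared statements or mysqli bind_param. It also shows the second correction a reviewer would ask for: never compare the password inside the query, but fetch the stored hash by username and verify it in code.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo users; the real application's schema is not on the page.
DEMO_USERS = [("admin", "correct horse"), ("alice", "hunter2")]

# Classic tautology input: the defender's regression test for the fix.
TAUTOLOGY_INPUT = "' OR 1=1 --"


def _hash_pw(password: str) -> str:
    # Demo-only hashing so the example is self-contained; production code
    # should use a password KDF such as argon2 or bcrypt.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_demo_db() -> sqlite3.Connection:
    """In-memory SQLite table standing in for the app's MySQL users table.

    The 'pass' column holds the plaintext only to model the vulnerable
    comparison-in-SQL pattern; the hardened path uses 'pw_hash'.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, uname TEXT, pass TEXT, pw_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (uname, pass, pw_hash) VALUES (?, ?, ?)",
        [(u, p, _hash_pw(p)) for u, p in DEMO_USERS],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, uname: str, pw: str):
    """Models the flaw: uname and pass become part of the query structure.

    A crafted uname ends the string literal and comments out the password
    check, so the query matches the first user regardless of credentials.
    """
    query = f"SELECT uname FROM users WHERE uname = '{uname}' AND pass = '{pw}'"
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn: sqlite3.Connection, uname: str, pw: str):
    """Fix: a placeholder keeps the input as data, and the password is
    checked in code with a constant-time comparison against the stored hash."""
    row = conn.execute(
        "SELECT uname, pw_hash FROM users WHERE uname = ?", (uname,)
    ).fetchone()
    if row is None:
        return None
    if not hmac.compare_digest(row[1], _hash_pw(pw)):
        return None
    return row[0]


def demo() -> dict:
    """Runs both paths with valid, invalid and crafted input."""
    conn = make_demo_db()
    return {
        "valid_hardened": login_hardened(conn, "alice", "hunter2"),
        "wrong_pw_hardened": login_hardened(conn, "alice", "wrong"),
        "tautology_vulnerable": login_vulnerable(conn, TAUTOLOGY_INPUT, "x"),
        "tautology_hardened": login_hardened(conn, TAUTOLOGY_INPUT, "x"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The vulnerable path returns "admin" for the crafted username with any password, which is the authentication bypass the record describes; the hardened path treats the same input as an ordinary (non-existent) username and returns None. The same placeholder approach fixes the id parameter in book car.php, where the value should additionally be validated as an integer before the query is built.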

Exploit: SQL injection


Weakness Enumeration

Related Identifiers

BDU:2022-06600
CVE-2020-11545

Affected Products

Project Worlds Official Car Rental System 1