CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-11545

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1190%
EPSS Percentile32.06th
Published2020年4月6日
Last Modified2024年11月21日

Vulnerability Description

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt.

Affected Platforms (CPE)

📦
Projectworlds

Official Car Rental System

= 1.0

References & Advisories

🔗 https://frostylabs.net/writeups/cve-2020-11545/
🔗 https://frostylabs.net/writeups/cve-2020-11545/

相關漏洞威脅

CVE-2020-115447.2

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server wit...

CVE-2020-676910.0

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker ...

CVE-2020-677010.0

Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute...

CVE-2020-079610.0

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles cer...