CVE-2020-11545

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt.
References
Link Resource
https://frostylabs.net/writeups/cve-2020-11545/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:projectworlds:official_car_rental_system:1.0:*:*:*:*:*:*:*

Information

Published : 2020-04-06 04:15

Updated : 2020-04-06 11:33


NVD link : CVE-2020-11545

Mitre link : CVE-2020-11545

Products Affected
No products.
CWE