CVE-2020-14972

Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.
References
Link Resource
https://www.exploit-db.com/exploits/48439 Exploit Third Party Advisory
https://www.sourcecodester.com Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:pisay_online_e-learning_system_project:pisay_online_e-learning_system:1.0:*:*:*:*:*:*:*

Information

Published : 2020-06-22 06:15

Updated : 2020-09-03 12:16


NVD link : CVE-2020-14972

Mitre link : CVE-2020-14972

Products Affected
No products.
CWE