Open in app

Sign in

Write

Sign in

CVE-2020–25409

Nikhil kumar
May 24, 2021

--

#Exploit Title : Projects worlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters.

#Exploit Author : Nikhil Kumar

#vendor : Project Worlds

#Application Link : https://github.com/olotieno/College-Management-System-Php/tree/master/College-Management-System%20in%20Php_5.5/College-Management-System%20in%20Php_5.5

#Version: 1.0

# CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25409

# CVE: CVE-2020–25409

What is SQL Injection :

A SQL injection attack consists of insertion of a SQL query via the input field of a application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete).

Attack Vector:

Attacker Can dump the entire database, modify the existing data in databases.

Vulnerable component: everyone.php

Remediation :

https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

Author: Nikhil Kumar
https://www.linkedin.com/in/nikhil-kumar-4b9443166/

Cve
Information Security

--

--

Nikhil kumar

Written by Nikhil kumar

2 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams