CVE-2020-10106
Severity
9.8 CRITICAL
EPSS
0.1%
top 70.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 5
Latest update: May 24
Description
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows an attacker to dump the MySQL database and to bypass the login prompt.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9