CVE-2020-12429

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.5%

top 32.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Online Course Registration

Timeline

PublishedApr 28

Latest updateMay 24

Description

Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDphpgurukul/online_course_registration2.0

🔴Vulnerability Details

GHSA

GHSA-7p3q-2f2p-x732: Online Course Registration 2↗2022-05-24

▶

CVEList

CVE-2020-12429: Online Course Registration 2↗2020-04-28

▶