CVE-2020-25762
Published 2020-09-30
Priority P268 · Critical 9.1 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
Exploit: public PoC available
EPSS: 11.30% (95.4th percentile)
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in a POST request to /admin/ajax.php?action=login to bypass authentication, extract sensitive information from the backing database, and so on. The referenced advisory describes the flaw as SQL injection in the login handler.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| seat_reservation_system_project | seat_reservation_system | — | — |
Detection & IOCs (extracted from sources)
- Monitor POST requests to /admin/ajax.php with the query parameter action=login for SQL injection payloads in the username or password fields (for example single quotes, comment sequences such as `-- ` or `/*`, and boolean- or time-based blind payloads such as `or 1=1` or `sleep(`).
- The published exploit sends the X-Requested-With: XMLHttpRequest header together with Content-Type: application/x-www-form-urlencoded to the login endpoint; correlate that header combination with anomalous username/password values as a detection signal. On its own the combination is normal AJAX traffic, so it is a corroborating signal, not an indicator.
- sqlmap activity against this target can be identified by rapid sequential POST requests to the login endpoint from a single source IP; the published PoC runs it with --threads=10, which produces a burst of near-simultaneous requests.
- The vulnerable endpoint path in the PoC includes the application subdirectory /seat_reservation/, but deployments may vary the install root, so detection rules should match on the relative path /admin/ajax.php?action=login regardless of the prefix.
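The four indicators above, combined into one runnable detection routine. This is an added example and not code from the page's sources or from the Seat Reservation System project. It assumes a hypothetical proxy or WAF log that retains request bodies, in a constructed pipe-separated format (timestamp | source IP | method | URL | headers | body); the sample records, IP addresses and payloads are constructed for the demonstration. The check is path-prefix independent, inspects only POSTs with action=login, flags the payload classes named above in username/password, records whether the XMLHttpRequest/form-urlencoded header pair was present, and separately reports sources that burst past a request threshold inside a short window.

```python
"""Detect login SQLi attempts of the CVE-2020-25762 kind over sample request records.

Added example, not code from the advisory or the project. The log format below is
hypothetical; adapt parse_record() to whatever your proxy/WAF actually emits.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Payload classes named in the IOC list. Deliberately narrow; a bare quote will
# also fire on legitimate names such as O'Brien, so treat hits as leads, not verdicts.
SQLI_PATTERN = re.compile(r"""(?ix)
      '                                      # stray single quote
    | --\s                                   # SQL line comment ("-- ")
    | /\*                                    # block comment opener
    | \bor\b\s+[\w'"]+\s*=\s*[\w'"]+          # boolean tautology: or 1=1, or 'a'='a'
    | \b(?:sleep|benchmark|pg_sleep)\s*\(    # time-based blind (MySQL/PostgreSQL)
    | \bwaitfor\s+delay\b                    # time-based blind (MSSQL)
    | \bunion\s+(?:all\s+)?select\b          # union-based extraction
""")

# Match the relative endpoint, ignoring any install prefix such as /seat_reservation/.
LOGIN_PATH = re.compile(r"/admin/ajax\.php$")

# Constructed sample records (hypothetical format): ts | ip | method | url | headers | body
SAMPLE_LOG = """
2020-09-30T10:00:01Z | 203.0.113.5  | POST | /seat_reservation/admin/ajax.php?action=login     | X-Requested-With=XMLHttpRequest;Content-Type=application/x-www-form-urlencoded | username=admin&password=admin123
2020-09-30T10:00:02Z | 198.51.100.7 | POST | /seat_reservation/admin/ajax.php?action=login     | X-Requested-With=XMLHttpRequest;Content-Type=application/x-www-form-urlencoded | username=admin%27+or+1%3D1--+&password=x
2020-09-30T10:00:02Z | 198.51.100.7 | POST | /booking/admin/ajax.php?action=login              | X-Requested-With=XMLHttpRequest;Content-Type=application/x-www-form-urlencoded | username=admin&password=%27+or+%271%27%3D%271
2020-09-30T10:00:02Z | 198.51.100.7 | POST | /seat_reservation/admin/ajax.php?action=login     | X-Requested-With=XMLHttpRequest;Content-Type=application/x-www-form-urlencoded | username=admin%27+and+sleep%285%29--+&password=x
2020-09-30T10:00:03Z | 198.51.100.7 | POST | /seat_reservation/admin/ajax.php?action=login     | X-Requested-With=XMLHttpRequest;Content-Type=application/x-www-form-urlencoded | username=admin%27+union+all+select+1%2C2--+&password=x
2020-09-30T10:00:03Z | 198.51.100.7 | POST | /seat_reservation/admin/ajax.php?action=login     | X-Requested-With=XMLHttpRequest;Content-Type=application/x-www-form-urlencoded | username=admin%27--+&password=x
2020-09-30T10:00:03Z | 198.51.100.7 | POST | /seat_reservation/admin/ajax.php?action=login     | X-Requested-With=XMLHttpRequest;Content-Type=application/x-www-form-urlencoded | username=admin&password=x%27+or+1%3D1
2020-09-30T10:00:05Z | 203.0.113.5  | POST | /seat_reservation/admin/ajax.php?action=save_seat | X-Requested-With=XMLHttpRequest;Content-Type=application/x-www-form-urlencoded | seat=A1&username=O%27Brien
2020-09-30T10:00:06Z | 203.0.113.5  | GET  | /seat_reservation/admin/ajax.php?action=login     | Accept=text/html | username=admin&password=admin
"""


def parse_record(line):
    """Split one constructed log line into a dict; the body is URL-decoded into fields."""
    ts, ip, method, url, headers, body = [p.strip() for p in line.split("|")]
    hdrs = dict(h.split("=", 1) for h in headers.split(";") if "=" in h)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ip": ip, "method": method, "url": url, "headers": hdrs,
        "body": parse_qs(body, keep_blank_values=True),
    }


def is_login_request(rec):
    """POST to .../admin/ajax.php?action=login under any install prefix."""
    parts = urlsplit(rec["url"])
    return (rec["method"] == "POST"
            and LOGIN_PATH.search(parts.path) is not None
            and parse_qs(parts.query).get("action") == ["login"])


def sqli_fields(body):
    """Names of the credential fields whose value carries a payload indicator."""
    return [f for f in ("username", "password")
            for v in body.get(f, []) if SQLI_PATTERN.search(v)]


def has_ajax_headers(hdrs):
    """Header pair used by the published exploit (also normal for the app's own AJAX)."""
    return (hdrs.get("X-Requested-With") == "XMLHttpRequest"
            and hdrs.get("Content-Type", "").startswith("application/x-www-form-urlencoded"))


def burst_sources(records, threshold, window):
    """IPs whose login POST count inside any sliding window reaches the threshold."""
    per_ip = defaultdict(list)
    for r in records:
        per_ip[r["ip"]].append(r["ts"])
    hits = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        best = start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[ip] = best
    return hits


def analyze(lines, threshold=5, window=timedelta(seconds=2)):
    """Return (payload alerts, burst sources) for the login endpoint only."""
    logins = [r for r in map(parse_record, lines) if is_login_request(r)]
    alerts = [{"ts": r["ts"].isoformat(), "ip": r["ip"], "url": r["url"],
               "fields": fields, "ajax": has_ajax_headers(r["headers"])}
              for r in logins if (fields := sqli_fields(r["body"]))]
    return alerts, burst_sources(logins, threshold, window)


if __name__ == "__main__":
    found, bursts = analyze(SAMPLE_LOG.strip().splitlines())
    for a in found:
        print(a)
    print("burst sources:", bursts)
```

The save_seat request with `O'Brien` and the GET to the login URL are both ignored because only POSTs with action=login are inspected; the quote-only rule would otherwise fire on that name, which is why the alert records the header pair and the per-IP burst count as corroboration rather than treating any single rule as conclusive.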
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| NVD | 2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/159261/Seat-Reservation-System-1.0-SQL-Injection.html
- http://seclists.org/fulldisclosure/2020/Sep/42
- https://packetstormsecurity.com/files/author/15149