CVE-2020-28073 — SQL Injection in Management System Project Library Management System

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 25.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Library Management System Project Library Management System

Timeline

PublishedDec 23

Latest updateMay 24

Description

SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDlibrary_management_system_project/library_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-qcfr-j8mx-6wf3: SourceCodester Library Management System 1↗2022-05-24

▶

CVEList

CVE-2020-28073: SourceCodester Library Management System 1↗2020-12-23

▶