CVE-2020-10106
CRITICALPHPGurukul Daily Expense Tracker System 1.0 - SQL Injection via Email Parameter
Title source: llmDescription
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://frostylabs.net/writeups/cve-2020-10106/
Scores
CVSS v3
9.8
EPSS
0.0011
EPSS Percentile
28.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
phpgurukul/daily_expense_tracker_system
1.0
Published
Mar 05, 2020
Tracked Since
Feb 18, 2026