CVE-2020-23466

MEDIUM

phpgurukul Online Marriage Registration System 1.0 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-23466. PoCs published by that faceless coder.

AI-analyzed exploit summary The writeup describes a stored XSS vulnerability in Online Marriage Registration System 1.0, where user-supplied input is inserted into the database without proper sanitization and later rendered unsafely. The provided code snippet shows the vulnerable SQL insertion logic and highlights the lack of input validation.

Description

Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.

Exploits (1)

exploitdb WRITEUP
by that faceless coder · textwebappsphp
https://www.exploit-db.com/exploits/48522

The writeup describes a stored XSS vulnerability in Online Marriage Registration System 1.0, where user-supplied input is inserted into the database without proper sanitization and later rendered unsafely. The provided code snippet shows the vulnerable SQL insertion logic and highlights the lack of input validation.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Online Marriage Registration System 1.0
Auth required
Prerequisites: Access to the registration form · Ability to submit crafted input
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48522

Scores

CVSS v3 5.4
EPSS 0.0052
EPSS Percentile 39.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
phpgurukul/online_marriage_registration_system 1.0
Published Aug 19, 2022
Tracked Since Feb 18, 2026