CVE-2020-25273

CRITICAL

Online Bus Booking System 1.0 - Authentication Bypass via SQL Injection in Admin Login

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25273. PoCs published by Ko-kn3t.

AI-analyzed exploit summary This repository provides a writeup for CVE-2020-25273, detailing an authentication bypass vulnerability in Online Bus Booking System 1.0 via SQL injection in the admin login panel. The attack vector involves injecting SQL payloads into the username and password fields to bypass authentication.

Description

In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.

Exploits (1)

nomisec WRITEUP 1 stars

by Ko-kn3t · poc

https://github.com/Ko-kn3t/CVE-2020-25273

View Code ZIP pw:eip

This repository provides a writeup for CVE-2020-25273, detailing an authentication bypass vulnerability in Online Bus Booking System 1.0 via SQL injection in the admin login panel. The attack vector involves injecting SQL payloads into the username and password fields to bypass authentication.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Online Bus Booking System 1.0

No auth needed

Prerequisites: Access to the admin login panel

MITRE ATT&CK

T1110 - Brute Force T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

https://www.sourcecodester.com

Exploit, Third Party Advisory x_refsource_misc

https://github.com/Ko-kn3t/CVE-2020-25273

Scores

CVSS v3 9.8

EPSS 0.0179

EPSS Percentile 75.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

online_bus_booking_system_project/online_bus_booking_system 1.0

Published Oct 08, 2020

Tracked Since Feb 18, 2026