CVE-2020-25760

HIGH

Projectworlds Visitor Management System in PHP 1.0 - SQL Injection via 'rid' Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25760. PoCs published by Rahul Ramkumar.

AI-analyzed exploit summary: This exploit demonstrates an authenticated SQL injection vulnerability in Visitor Management System in PHP 1.0. The 'rid' parameter in front.php is not properly sanitized, allowing an attacker to inject SQL queries and extract sensitive information from the database.

Description

Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.

Exploits (1)

exploitdb · WORKING POC
by Rahul Ramkumar · text · webapps · php
https://www.exploit-db.com/exploits/48911

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Visitor Management System in PHP 1.0
Auth required
Prerequisites: Access to the application · Valid credentials · SQLmap tool
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Mailing List, Third Party Advisory · mailing-list
http://seclists.org/fulldisclosure/2020/Sep/43
Exploit, Third Party Advisory, VDB Entry
https://packetstormsecurity.com/files/author/15149/
Exploit, Third Party Advisory
https://www.exploit-db.com/exploits/48911

Scores

CVSS v3: 8.8
EPSS: 0.0217
EPSS Percentile: 80.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): projectworlds/visitor_management_system 1.0
Published: Sep 30, 2020
Tracked Since: Feb 18, 2026