CVE-2020-25762

CRITICAL

Seat Reservation System 1.0 - SQL Injection via admin_class.php Login Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25762. PoCs published by Rahul Ramkumar.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated SQL injection vulnerability in Seat Reservation System 1.0. The POC shows how to intercept and manipulate a login request to inject SQL payloads using SQLmap.

Description

An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.

Exploits (1)

exploitdb WORKING POC
by Rahul Ramkumar · textwebappsphp
https://www.exploit-db.com/exploits/48889

This exploit demonstrates an unauthenticated SQL injection vulnerability in Seat Reservation System 1.0. The POC shows how to intercept and manipulate a login request to inject SQL payloads using SQLmap.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Seat Reservation System 1.0
No auth needed
Prerequisites: Access to the admin login page · HTTP intercept tool (e.g., Burp Suite) · SQLmap
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/159261/Seat-Reservation-System-1.0-SQL-Injection.html
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Sep/42
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/author/15149

Scores

CVSS v3 9.1
EPSS 0.1117
EPSS Percentile 95.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-89
Status published
Products (1)
seat_reservation_system_project/seat_reservation_system 1.0
Published Sep 30, 2020
Tracked Since Feb 18, 2026