CVE-2020-25889
CRITICALOnline Bus Booking System Project Using PHP/MySQL 1.0 - SQL Injection via Login Page
Title source: llmDescription
Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Dec/4
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/Dec/4
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/160397/Online-Bus-Booking-System-Project-Using-PHP-MySQL-1.0-SQL-Injection.html
Scores
CVSS v3
9.8
EPSS
0.0273
EPSS Percentile
84.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
online_bus_booking_system_project/online_bus_booking_system
1.0
Published
Dec 08, 2020
Tracked Since
Feb 18, 2026