CVE-2020-25889

CRITICAL

Online Bus Booking System Project Using PHP/MySQL 1.0 - SQL Injection via Login Page

Title source: llm
STIX 2.1

Description

Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.

References (4)

Core 4
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Dec/4
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/Dec/4

Scores

CVSS v3 9.8
EPSS 0.0273
EPSS Percentile 84.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
online_bus_booking_system_project/online_bus_booking_system 1.0
Published Dec 08, 2020
Tracked Since Feb 18, 2026