CVE-2020-25905

CRITICAL

Mobile Shop System - SQL Injection

Description

An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.

Exploits (1)

exploitdb WORKING POC
by Moaaz Taha · text · webapps · php
https://www.exploit-db.com/exploits/48916

Scores

CVSS v3 9.8
EPSS 0.0025
EPSS Percentile 48.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
mobile_shop_system_project/mobile_shop_system 1.0
Published Jan 28, 2022
Tracked Since Feb 18, 2026