CVE-2020-28994
CRITICALKarenderia Multiple Restaurant System < 5.4.2 - Unauthenticated SQL Injection
Title source: llmDescription
A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/wes4m/e32080b02c2cd668d50eeac66613ca1d
Scores
CVSS v3
9.8
EPSS
0.0127
EPSS Percentile
66.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
karenderia_multiple_restaurant_system_project/karenderia_multiple_restaurant_system
< 5.4.2
Published
Nov 24, 2020
Tracked Since
Feb 18, 2026