CVE-2020-28994

CRITICAL

Karenderia Multiple Restaurant System < 5.4.2 - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Description

A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/wes4m/e32080b02c2cd668d50eeac66613ca1d

Scores

CVSS v3 9.8
EPSS 0.0127
EPSS Percentile 66.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
karenderia_multiple_restaurant_system_project/karenderia_multiple_restaurant_system < 5.4.2
Published Nov 24, 2020
Tracked Since Feb 18, 2026