CVE-2020-35378

CRITICAL

Online Bus Ticket Reservation - SQL Injection

Title source: rule

Description

SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.

Exploits (1)

exploitdb WORKING POC

by Sakshi Sharma · textwebappsphp

https://www.exploit-db.com/exploits/49212

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49212

Scores

CVSS v3 9.8

EPSS 0.0054

EPSS Percentile 67.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

online_bus_ticket_reservation_project/online_bus_ticket_reservation 1.0

Published Dec 14, 2020

Tracked Since Feb 18, 2026