Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-37081. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary: This is a working proof-of-concept for SQL injection vulnerabilities in Fishing Reservation System 7.5, targeting multiple parameters in admin.php, calendar.php, and cart.php. The PoC demonstrates UNION-based SQLi to extract database version information.
Description
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N