CVE-2020-10106: SQL Injection
First published: Thu Mar 05 2020(Updated: )
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPGurukul Daily Expense Tracker System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this exploit?
The vulnerability ID for this exploit is CVE-2020-10106.
What is the severity of CVE-2020-10106?
CVE-2020-10106 has a severity rating of 9.8 (Critical).
What is the affected software?
The affected software is PHPGurukul Daily Expense Tracker System version 1.0.
How can the SQL injection vulnerability be exploited?
The SQL injection vulnerability can be exploited by using a specially crafted email parameter in either the index.php or register.php files.
Are there any known fixes for this vulnerability?
Unfortunately, there are no known fixes or patches available for CVE-2020-10106 at this time. It is recommended to follow best practices in secure coding to mitigate the risk.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- vendor/phpgurukul
- canonical/phpgurukul daily expense tracker system
- version/phpgurukul daily expense tracker system/1.0