CVE-2020-25760: SQL Injection
First published: Tue Sep 29 2020(Updated: )
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Visitor Management System in PHP | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-25760?
CVE-2020-25760 is a vulnerability in Projectworlds Visitor Management System in PHP 1.0 that allows SQL Injection.
What is the severity of CVE-2020-25760?
The severity of CVE-2020-25760 is high with a CVSS score of 8.8.
How does CVE-2020-25760 affect the software?
CVE-2020-25760 affects Projectworlds Visitor Management System in PHP 1.0.
What can an attacker do with CVE-2020-25760?
An attacker can append SQL queries to the 'rid' parameter to extract sensitive information from the database.
How can I fix CVE-2020-25760?
To fix CVE-2020-25760, it is recommended to perform input validation on the 'rid' parameter in the file front.php.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/projectworlds
- canonical/projectworlds visitor management system in php
- version/projectworlds visitor management system in php/1.0