SQL Injection Vulnerability in Online Course Registration by Online Course Solutions
CVE-2020-12429

9.8CRITICAL

Key Information:

Vendor

PHPgurukul
Status
Online Course Registration
Vendor
CVE Published:
28 April 2020

What is CVE-2020-12429?

The Online Course Registration 2.0 product by Online Course Solutions is susceptible to multiple SQL injection vulnerabilities across several critical endpoints. These vulnerabilities allow attackers to manipulate database queries, potentially leading to unauthorized access, complete database compromise, and bypassing authentication controls on key functionalities like password changes and user availability checks.

References

https://www.exploit-db.com/exploits/48385
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.