Authentication Bypass Vulnerability in SourceCodester Seat Reservation System
CVE-2020-25762

9.1CRITICAL

Key Information:

Vendor

Seat Reservation System Project

Status
Seat Reservation System
Vendor
CVE Published:
30 September 2020

What is CVE-2020-25762?

The SourceCodester Seat Reservation System version 1.0 contains a critical flaw in the admin_class.php file, where it fails to properly validate input for the username and password parameters. This oversight allows attackers to send crafted requests to /admin/ajax.php?action=login, enabling them to bypass authentication mechanisms. Consequently, an attacker could exploit this vulnerability to obtain sensitive information and manipulate backend systems without legitimate access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://packetstormsecurity.com/files/159261/Seat-Reservat...
x_refsource_MISC
http://seclists.org/fulldisclosure/2020/Sep/42
mailing-listx_refsource_FULLDISC
https://packetstormsecurity.com/files/author/15149
x_refsource_MISC

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.