SQL Injection Vulnerability in Sourcecodester Mobile Shop System by Sourcecodester
CVE-2020-25905

9.8CRITICAL

Key Information:

Vendor: Mobile Shop System Project
Status: Mobile Shop System
Vendor: CVE Published:; 28 January 2022

🔔 Create Mobile Shop System Project Vulnerability Alert

What is CVE-2020-25905?

A vulnerability has been identified in the Sourcecodester Mobile Shop System version 1.0, which allows an attacker to execute SQL injection via the 'email' parameter in two specific files, namely login.php and LoginAsAdmin.php. This flaw enables potential unauthorized access to sensitive data by manipulating SQL queries, posing risks to the integrity and confidentiality of the system.

References

https://packetstormsecurity.com/files/159132/Mobile-Shop-...

https://www.exploit-db.com/exploits/48916

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2022
Vulnerability Reserved
Sep 24, 2020

CVE-2020-25905 Data

JSON