SQL Injection Vulnerability in Multi Restaurant Table Reservation System
CVE-2020-29284

9.8CRITICAL

Key Information:

Vendor

Multi Restaurant Table Reservation System Project

Status
Multi Restaurant Table Reservation System
Vendor
CVE Published:
2 December 2020

What is CVE-2020-29284?

The Multi Restaurant Table Reservation System's view-chair-list.php file lacks proper input validation for the table_id parameter. This oversight allows attackers to exploit the system through unauthenticated SQL Injection attacks. By manipulating the GET request to /dashboard/view-chair-list.php?table_id= with malicious input, an attacker can potentially compromise the database, leading to unauthorized data access and manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/BigTiger2020/-Multi-Restaurant-Table-R...
x_refsource_MISC
https://www.exploit-db.com/exploits/48984
x_refsource_MISC
https://www.sourcecodester.com/php/14568/multi-restaurant...
x_refsource_MISC

EPSS Score

21% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.