Skip to main content

Library Management System CVE-2020-28073

CRITICAL
SQL Injection (CWE-89)
2020-12-23 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 23, 2020 - 18:15 nvd
CRITICAL 9.8

DescriptionNVD

SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system.

AnalysisAI

SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. Affected products include: Library Management System Project Library Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2023-7111 CRITICAL POC
9.8 Dec 26

A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Rated criti

CVE-2022-37794 CRITICAL POC
9.8 Sep 12

In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. Rated crit

CVE-2022-36735 CRITICAL POC
9.8 Aug 30

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admi

CVE-2022-36734 CRITICAL POC
9.8 Aug 30

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admi

CVE-2022-36733 CRITICAL POC
9.8 Aug 30

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/

CVE-2022-36732 CRITICAL POC
9.8 Aug 30

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /libraria

CVE-2022-36731 CRITICAL POC
9.8 Aug 30

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /libr

CVE-2022-36730 CRITICAL POC
9.8 Aug 30

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /libr

CVE-2022-36714 CRITICAL POC
9.8 Aug 30

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /sta

CVE-2022-36713 CRITICAL POC
9.8 Aug 30

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /lib

CVE-2022-36712 CRITICAL POC
9.8 Aug 30

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/st

CVE-2022-36711 CRITICAL POC
9.8 Aug 30

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bo

Share

CVE-2020-28073 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy