RSS   Vulnerabilities for
'Visitor management system in php'
   RSS

2020-09-30
 
CVE-2020-25761

CWE-79
 

 
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc.

 
 
CVE-2020-25760

CWE-89
 

 
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.

 

 >>> Vendor: Projectworlds 13 Products
Official car rental system
House rental and property listing project
Car rental project
House rental
Visitor management system in php
Online matrimonial project
Online book store project in php
Travel management system
Hospital management system in php
Online shopping system in php
Online-shopping-webvsite-in-php
Online examination system
Online movie ticket booking system


Copyright 2022, cxsecurity.com

 

Back to Top