NVD Vulnerability Detail

CVE-2020-25760

Summary	Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
Publication Date	Oct. 1, 2020, 3:15 a.m.
Registration Date	Jan. 26, 2021, 11:55 a.m.
Last Update	Nov. 21, 2024, 2:18 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:projectworlds:visitor_management_system_in_php:1.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html	Exploit Third Party Advisory VDB Entry
2	http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html	Exploit Third Party Advisory VDB Entry
3	http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html	Exploit Third Party Advisory VDB Entry
4	http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html	Exploit Third Party Advisory VDB Entry
5	http://seclists.org/fulldisclosure/2020/Sep/43	Exploit Mailing List Third Party Advisory
6	http://seclists.org/fulldisclosure/2020/Sep/43	Exploit Mailing List Third Party Advisory
7	https://packetstormsecurity.com/files/author/15149/	Exploit Third Party Advisory VDB Entry
8	https://packetstormsecurity.com/files/author/15149/	Exploit Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-89	SQLインジェクション	https://cwe.mitre.org/data/definitions/89.html

JVN Vulnerability Information

Projectworlds Visitor Management System in PHP における SQL インジェクションの脆弱性

Title	Projectworlds Visitor Management System in PHP における SQL インジェクションの脆弱性
Summary	Projectworlds Visitor Management System in PHP には、SQL インジェクションの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 19, 2020, midnight
Registration Date	April 14, 2021, 4:17 p.m.
Last Update	April 14, 2021, 4:17 p.m.

Affected System

Projectworlds

Visitor Management System in PHP 1.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-25760	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25760
National Vulnerability Database (NVD)
2	CVE-2020-25760	https://nvd.nist.gov/vuln/detail/CVE-2020-25760

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-89	https://jvndb.jvn.jp/ja/cwe/CWE-89.html

ベンダー情報

No	Name	URL
Projectworlds
1	Visitor Management System in PHP and Mysql	https://projectworlds.in/visitor-management-system-in-php-and-mysql/

その他

No	Name	URL
関連文書
1	Visitor Management System in PHP 1.0 - Authenticated SQL Injection	http://seclists.org/fulldisclosure/2020/Sep/43

Change Log

No	Changed Details	Date of change
1	[2021年04月14日] 掲載	April 14, 2021, 4:17 p.m.