CVSS: 9.8EPSS: 25%CPEs: 1EXPL: 1CVE-2020-12429
https://notcve.org/view.php?id=CVE-2020-12429
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php. Online Course Registration versión 2.0, tiene múltiples inyecciones SQL que pueden conllevar a un compromiso completo de la base de datos y a una omisión de autenticación en las páginas de inicio de sesión: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, y pincode-verification.php. • https://www.exploit-db.com/exploits/48385 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •