4.6
CVSSv2

CVE-2020-25487

Published: 22/09/2020 Updated: 30/09/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

PHPGurukul Zoo Management System is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the animal-detail.php script using the anid parameter, which could allow the malicious user to view, add, modify or delete information in the back-end database.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zoo management system project zoo management system 1.0

Github Repositories

SQL injection Vulnerability in Zoo Management System

CVE-2020-25487 #SQL injection Vulnerability in Zoo Management System V 10 #Vendor - phpgurukulcom #Product - phpgurukulcom/zoo-management-system-using-php-and-mysql/ #Vulnerability Type - SQL injection #Affected Component - zms/animal-detailphp #Attack Type- Local #Impact Code execution - true #Attack Vectors - Go to client webpage and do sql injection at ht

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745