cve/2020/CVE-2020-25760.md

### [CVE-2020-25760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25760)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.

### POC

#### Reference
- http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
- http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
- http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
- http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html
- http://seclists.org/fulldisclosure/2020/Sep/43
- http://seclists.org/fulldisclosure/2020/Sep/43
- https://packetstormsecurity.com/files/author/15149/
- https://packetstormsecurity.com/files/author/15149/

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2020-25760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25760)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- http://seclists.org/fulldisclosure/2020/Sep/43`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://seclists.org/fulldisclosure/2020/Sep/43`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://packetstormsecurity.com/files/author/15149/`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://packetstormsecurity.com/files/author/15149/`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`