CVE-2020-14972

2020-06-2217:21:53

mitre

www.cve.org

AI Score

Confidence

High

EPSS

0.008

Percentile

81.2%

JSON

Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.

References

www.exploit-db.com/exploits/48439

www.sourcecodester.com