Lucene search

K
packetstormValerio AlessandroniPACKETSTORM:160583
HistoryDec 17, 2020 - 12:00 a.m.

Alumni Management System 1.0 Blind SQL Injection

2020-12-1700:00:00
Valerio Alessandroni
packetstormsecurity.com
132

0.005 Low

EPSS

Percentile

76.8%

`# Exploit Title: Blind SQL injection on Alumni Management System # Date: 23/10/2020  
# Exploit Author: Valerio Alessandroni  
# Vendor Homepage: https://www.sourcecodester.com  
# Software Link: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-s ource-code.html  
# Version: 1.0  
# Tested on: ubuntu 18.04  
# CVE : CVE-2020-28070  
# Description:  
Blind SQL injection vulnerability on Alumni Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the "id" GET parameter through the page view_event.php on line 4.  
# Reproduction:  
Just visit the page and replace "id" get parameter with the SQL code to exploit this Blind SQL Injection  
Example: http://127.0.0.1/index.php?page=view_event&id=[SQL]  
  
`

0.005 Low

EPSS

Percentile

76.8%

Related for PACKETSTORM:160583