Sourcecodester Seat Reservation System Version 1.0 vulnerabilities

Preface: It is common for application developers to use open source as a reference.

Synopsis: If you are considering, or have already used, this free source code to develop a seat reservation system, you should stay alert for vulnerabilities in this software product.

Vulnerability details:

Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)
Seat Reservation System version 1.0 suffers from an unauthenticated file upload vulnerability that allows for remote code execution. (CVE-2020-25763)

Remedy: You can configure your firewall or Nginx to restrict access to ajax.php and the admin function pages.
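
One way to apply this restriction in Nginx, as an added example that is not from the original post or the project. The install directory, the `/admin/` path, the host name, the 192.0.2.0/24 allowlist and the PHP-FPM socket are assumptions to replace with your own values.

```nginx
# Added example: all paths, addresses and the PHP-FPM socket are assumptions.
server {
    listen 80;
    server_name reservations.example.test;        # placeholder host name
    root /var/www/seat_reservation;               # assumed install directory
    index index.php;

    # An exact-match location wins over the regex PHP location below,
    # so the generic handler cannot serve ajax.php without the allowlist.
    location = /ajax.php {
        allow 192.0.2.0/24;                       # placeholder management network
        deny  all;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;  # assumed socket path
    }

    # "^~" stops the server-level regex location from taking over
    # requests under /admin/, which would skip the allow/deny rules.
    location ^~ /admin/ {                         # assumed admin path
        allow 192.0.2.0/24;
        deny  all;

        # Nested handler inherits the allow/deny rules of the parent.
        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass unix:/run/php/php-fpm.sock;
        }
    }

    # Generic PHP handler for the rest of the application.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

Run `nginx -t` before reloading, and confirm whether the public reservation pages depend on ajax.php, since an allowlist on that file would block those requests too.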
