CVE-2020-28994

A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
karenderia_multiple_restaurant_system_projectkarenderia_multiple_restaurant_system
𝑥
≤ 5.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/wes4m/e32080b02c2cd668d50eeac66613ca1d
https://gist.github.com/wes4m/e32080b02c2cd668d50eeac66613ca1d