CVE-2020-37081

Sažetak

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction.

Reference

https://fishingreservationsystem.com/index.html
https://www.exploit-db.com/exploits/48417
https://www.vulncheck.com/advisories/fishing-reservation-system-uid-sql-injection
https://www.vulnerability-lab.com/get_content.php?id=2243

CVSS

Base:	7.1
Impact:	4.2
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

04-02-2026 - 16:33

Objavljeno

03-02-2026 - 22:16