| Headline | Vulnerabilities discovered affecting car rental company Project Worlds Official | |
|---|---|---|
| Year | 2020 | |
| Month | March | |
| Country | United States | |
| Description | System 1 of Project Worlds Official Car Rental – a rental car company – is vulnerable to multiple SQL injection issues, as evidenced by the email and parameters (account.php), uname and pass parameters (login.php), and the id parameter (book_car.php) This allows a malicious user to dump the MySQL database and bypass the login authentication request. | |
| Intentionality | Cracker | |
| Target | Company | |
| Type of company | Rent | |
| Data / Life | Data | |
| Access | Remote | |
| System | Servers | |
| Recognized by brand | No | |
| Source | https://nvd.nist.gov/vuln/detail/CVE-2020-11544 |
