vendor:
Alumni Management System
by:
Ankita Pal
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Alumni Management System
Affected Version From: V1.0
Affected Version To: V1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:alumni_management_system:1.0
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Windows 10 + xampp v3.2.4
2020
Alumni Management System 1.0 – Authentication Bypass
An attacker can bypass authentication by using payload anki' or 1=1# for both username and password in the login page of Alumni Management System 1.0.
Mitigation:
Implement strong authentication mechanisms and use secure authentication protocols.
