In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25273
Reference (s):
- https://github.com/Ko-kn3t/CVE-2020-25273
- https://www.sourcecodester.com