An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25905
Reference (s):
- https://packetstormsecurity.com/files/159132/Mobile-Shop-System-1.0-SQL-Injection.html