AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-10106: PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in in

criticalvulnerability

security

Source: NVD/CVE DatabaseMarch 5, 2020CVE-2020-10106

Summary

PHPGurukul Daily Expense Tracker System version 1.0 contains a SQL injection vulnerability (a type of attack where malicious SQL code is inserted into input fields) in the email parameter of index.php and register.php files. This flaw allows attackers to dump the MySQL database (extract all stored data) and bypass the login system.

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-89

CAPEC (Attack Pattern)

CAPEC-66

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-10106

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%