AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-11545: Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email

criticalvulnerability

security

Source: NVD/CVE DatabaseApril 6, 2020CVE-2020-11545

Summary

Project Worlds Official Car Rental System 1 has multiple SQL injection vulnerabilities (CWE-89, a flaw where attackers can manipulate database queries by inserting malicious code) in several input fields across different pages, allowing attackers to steal data from the MySQL database or bypass login authentication. The vulnerable parameters are found in the email field on account.php, the username and password fields on login.php, and the id parameter on book_car.php.

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-89

CAPEC (Attack Pattern)

CAPEC-66

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-11545

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%