CVE-2020-24862

Name: CVE-2020-24862
Creator: NVD / NIST
Published: 2021-06-02T17:15:08.547+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 2.05%

Last modified Jun 17, 2026

CVE-2020-24862 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases.. EPSS estimates a 2.05% chance of exploitation in the next 30 days.

Description

The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

2.05%

78.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-89

Affected Software

Vendor	Product	Versions
Pharmacy Medical Store And Sale Point Project	Pharmacy Medical Store And Sale Point	1.0

References

https://www.exploit-db.com/exploits/48752Exploit, Third Party Advisory, VDB Entry
https://www.sourcecodester.com/download-code?nid=14398&title=Pharmacy%2FMedical+Store+%26+Sale+Point+Using+PHP%2FMySQL+with+Bootstrap+FrameworkThird Party Advisory
https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.htmlThird Party Advisory
https://www.exploit-db.com/exploits/48752Exploit, Third Party Advisory, VDB Entry
https://www.sourcecodester.com/download-code?nid=14398&title=Pharmacy%2FMedical+Store+%26+Sale+Point+Using+PHP%2FMySQL+with+Bootstrap+FrameworkThird Party Advisory
https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.htmlThird Party Advisory

Timeline

Published: Jun 2, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-24862?

How severe is CVE-2020-24862?

CVE-2020-24862 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.05% probability of exploitation in the next 30 days.

How do I fix CVE-2020-24862?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-24862?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST