CVE-2017-20243

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

CVE-2017-20243

CVE-2017-20243 concerns the WordPress Car Park Booking Plugin. The initial report states a time-based SQL injection vulnerability in the plugin (version cited as of 17 Oct 2017) that allows unauthenticated attackers to manipulate database queries via the space_id parameter. By sending crafted GET...

EUVD-2017-18969

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

WordPress plugin Car Park Booking Plugin 13 October SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-6376

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...

CVE-2026-7089

CVE-2026-7089 affects code-projects Home Service System 1.0. The vulnerability targets the Appointment Booking component, specifically the /booking.php file, where manipulation of the fname/lname parameters enables cross-site scripting. The description notes remote initiation and publicly disclos...

CVE-2026-6376

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...

PT-2026-34750

Name of the Vulnerable Software and Affected Versions SpiceJet public booking retrieval page affected versions not specified Description Improper access control on a sensitive data retrieval function in the public booking retrieval page allows unauthenticated users to access full passenger bookin...

CVE-2026-36923

Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/viewbooking.php...

CVE-2026-36923

CVE-2026-36923 affects Sourcecodester Cab Management System 1.0. The vulnerable component is /cms/admin/bookings/view_booking.php and is caused by an SQL Injection condition in that file. CVSS v3.1 base score is 2.7 (LOW) with network attack vector, high privileges required, no user interaction, ...

PT-2026-27308

Name of the Vulnerable Software and Affected Versions projectworlds Lawyer Management System version 1.0 Description A flaw exists in projectworlds Lawyer Management System 1.0. The issue is related to cross site scripting, triggered by manipulating the Description argument in the /lawyer...

Exploit for Cross-site Scripting in Phpgurukul Doctor_Appointment_Management_System

CVE-2025-45805 Poc Of CVE-2025-45805 Affected Product: Doctor...

CVE-2025-63450

Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting XSS in /carlux/booking.php...

CVE-2025-63450

Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting XSS in /carlux/booking.php...

CVE-2025-63450

CVE-2025-63450 affects Car-Booking-System-PHP v1.0 with a Cross-Site Scripting (XSS) vulnerability in /carlux/booking.php. The Red Hat, EUVD, CIRCL, NVD, and CVE records corroborate an XSS issue; however, the exact vulnerable parameter is not consistently specified across sources. Exploitation st...

CVE-2025-11662 SourceCodester Best Salon Management System booking.php sql injection

A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument servid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the...

PT-2025-41753

Name of the Vulnerable Software and Affected Versions SourceCodester Best Salon Management System version 1.0 Description A security flaw exists in SourceCodester Best Salon Management System 1.0. The issue is a SQL injection impacting an unknown function within the /booking.php file. The serv id...

CVE-2025-11474

A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbooking.php. Performing manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has...

PT-2025-41251

Name of the Vulnerable Software and Affected Versions SourceCodester Hotel and Lodge Management System version 1.0 Description A flaw exists in SourceCodester Hotel and Lodge Management System 1.0, specifically within the /edit booking.php file. Manipulation of the Name argument can lead to a SQL...

PT-2025-41142

Name of the Vulnerable Software and Affected Versions SourceCodester Hotel and Lodge Management System version 1.0 Description A flaw exists in SourceCodester Hotel and Lodge Management System 1.0 related to the /del booking.php file. Manipulation of the ID argument can lead to a SQL injection...