22 matches found
CVE-2026-6320 Salon Booking System – Free Version <= 10.30.25 - Unauthenticated Arbitrary File Read via Booking File Field Path Traversal
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...
CVE-2026-7089
A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross-site scripting. The attack may be initiated...
CVE-2026-7089 code-projects Home Service System Appointment Booking booking.php cross site scripting
A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross-site scripting. The attack may be initiated...
Code-Projects Home Service System Cross-Site Scripting Vulnerability
The Code-Projects Home Service System is an open-source door-to-door service system developed by Code-Projects. Version 1.0 of the Code-Projects Home Service System contains a cross-site scripting vulnerability. This vulnerability stems from improper handling of parameters fname and lname in the...
CVE-2026-36923
Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/viewbooking.php...
EUVD-2026-21924
Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/viewbooking.php...
EUVD-2026-14712
A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyerbooking.php. The manipulation of the argument Description leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2026-4626
A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyerbooking.php. The manipulation of the argument Description leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...
CarLux Security Vulnerability
CarLux is a car booking system by the individual developer AKSHIT SONANI. A security vulnerability exists in CarLux version 1.0, which stems from the file /carlux/booking.php being vulnerable to cross-site scripting attacks...
PT-2025-44777
Name of the Vulnerable Software and Affected Versions: Car-Booking-System-PHP version 1.0 Description: Car-Booking-System-PHP version 1.0 is susceptible to Cross-Site Scripting (XSS) in the /carlux/booking.php file. The issue allows for the injection of malicious scripts through the vulnerable...
CVE-2025-11662
A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument servid results in SQL injection. It is possible to launch the attack remotely. The exploit has been released to the...
CVE-2025-11474
CVE-2025-11474 affects SourceCodester Hotel and Lodge Management System 1.0. The vulnerability lies in the /edit_booking.php functionality, where manipulation of the Name parameter enables a SQL injection. This is a remotely exploitable flaw with publicly available exploit details. Multiple sourc...
EUVD-2025-32730
A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this issue is some unknown functionality of the file /delbooking.php. Performing manipulation of the argument ID results in SQL injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-11403 SourceCodester Hotel and Lodge Management System del_booking.php sql injection
A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this issue is some unknown functionality of the file /delbooking.php. Performing manipulation of the argument ID results in SQL injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-8970
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclose...
CVE-2025-8970
CVE-2025-8970 affects itsourcecode Online Tour and Travel Management System 1.0. The vulnerability is in the file /admin/operations/booking.php, where manipulation of the ID parameter enables an SQL injection. The issue is exploitable remotely, with public disclosure of the exploit noted in multi...
PT-2025-14624 · Unknown · Project Worlds Online Lawyer Management System
Name of the Vulnerable Software and Affected Versions: Project Worlds Online Lawyer Management System version 1.0 Description: A critical issue has been found in the processing of the file /lawyer booking.php, where the manipulation of the unblock id argument leads to SQL injection. This issue ca...
CVE-2025-1962
A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been classified as critical. This affects an unknown part of the file /admin/addroom.php. The manipulation of the argument roomname leads to SQL injection. It is possible to initiate the attack remotely. The exploit has...
PT-2024-25277 · Sourcecodester · Aplaya Beach Resort Online Reservation System
Name of the Vulnerable Software and Affected Versions: SourceCodester Aplaya Beach Resort Online Reservation System version 1.0 Description: A critical vulnerability has been found in the system, affecting an unknown function of the file booking/index.php. The manipulation of the log email and lo...