1434 matches found
Sql injection
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the tableid parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?tableid= to trigger the...
CVE-2020-29284
CVE-2020-29284 affects Sourcecodester Multi Restaurant Table Reservation System 1.0. The file view-chair-list.php does not validate the table_id parameter, enabling unauthenticated SQL injection via GET requests to /dashboard/view-chair-list.php?table_id=; multiple sources (NVD/Red Hat/Nuclei/NVD...
CVE-2020-29284
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the tableid parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?tableid= to trigger the...
Seat Reservation System Arbitrary File Upload (CVE-2020-25763)
An arbitrary file upload vulnerability exists in Seat Reservation System. The vulnerability is due to improper validation of user supplied data in UploadAction. Successful exploitation could result in uploading potentially dangerous file which may lead to arbitrary code execution...
Seat Reservation System 1.0 Cross Site Scripting
Exploit Title: Seat Reservation System 1.0 Persistent Cross-Site Scripting Date: 10-08-2020 Exploit Author: George Tsimpidas Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version:...
CVE-2020-25762
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file adminclass.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract...
CVE-2020-25763
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files...
Authentication flaw
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file adminclass.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract...
Unrestricted file upload
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files...
CVE-2020-25763
The CVE-2020-25763 issue affects Seat Reservation System version 1.0 and is an unauthenticated file upload vulnerability that allows remote attackers to achieve remote code execution by uploading PHP files to the hosting webserver. Multiple connected sources (Red Hat CVE entry, Exploit Database, ...
CVE-2020-25763
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files...
CVE-2020-25762
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file adminclass.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract...
CVE-2020-25762
CVE-2020-25762 affects SourceCodester Seat Reservation System 1.0. The vulnerability lies in admin_class.php which does not validate input for username/password, enabling an attacker to send crafted input to /admin/ajax.php?action=login to bypass authentication and potentially access sensitive in...
Fishing Reservation System 7.5 - 'uid' SQL Injection
Title: Fishing Reservation System 7.5 - 'uid' SQL Injection Author: Vulnerability Laboratory Date: 2020-05-05 Vendor: https://fishingreservationsystem.com/index.html Software: https://fishingreservationsystem.com/features.htm CVE: N/A Document Title: =============== Fishing Reservation System -...
CVE-2019-3025
Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the...
Details of the Cloud Hopper Attacks
Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud...
uHotelBooking System - system_page SQL Injection
uHotelBooking System - systempage SQL Injection Exploit Title: uHotelBooking System - 'systempage' SQL Injection Date: 21.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.hotel-booking-script.com Demo Site: https://www.hotel-booking-script.com/demo/ Version: Lastest Tested o...
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage:...
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Add Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...
Simple Online Hotel Reservation System - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - SQL Injection / Authentication Bypass Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...