Lucene search
+L

1434 matches found

Prion
Prion
added 2020/12/02 10:15 p.m.14 views

Sql injection

The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the tableid parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?tableid= to trigger the...

7.5CVSS9.7AI score0.06093EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/12/02 9:8 p.m.62 views

CVE-2020-29284

CVE-2020-29284 affects Sourcecodester Multi Restaurant Table Reservation System 1.0. The file view-chair-list.php does not validate the table_id parameter, enabling unauthenticated SQL injection via GET requests to /dashboard/view-chair-list.php?table_id=; multiple sources (NVD/Red Hat/Nuclei/NVD...

9.8CVSS9.6AI score0.06093EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/12/02 9:8 p.m.23 views

CVE-2020-29284

The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the tableid parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?tableid= to trigger the...

9.8AI score0.06093EPSS
Exploits1References3
Check Point Advisories
Check Point Advisories
added 2020/11/25 12:0 a.m.24 views

Seat Reservation System Arbitrary File Upload (CVE-2020-25763)

An arbitrary file upload vulnerability exists in Seat Reservation System. The vulnerability is due to improper validation of user supplied data in UploadAction. Successful exploitation could result in uploading potentially dangerous file which may lead to arbitrary code execution...

7.5CVSS3.7AI score0.04984EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/10/08 12:0 a.m.549 views

Seat Reservation System 1.0 Cross Site Scripting

Exploit Title: Seat Reservation System 1.0 Persistent Cross-Site Scripting Date: 10-08-2020 Exploit Author: George Tsimpidas Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version:...

7.4AI score
Exploits0
OSV
OSV
added 2020/09/30 6:15 p.m.5 views

CVE-2020-25762

An issue was discovered in SourceCodester Seat Reservation System 1.0. The file adminclass.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract...

9.1CVSS7.3AI score0.11301EPSS
Exploits3References3
OSV
OSV
added 2020/09/30 6:15 p.m.4 views

CVE-2020-25763

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files...

9.8CVSS7.5AI score0.04984EPSS
Exploits3References3
Prion
Prion
added 2020/09/30 6:15 p.m.16 views

Authentication flaw

An issue was discovered in SourceCodester Seat Reservation System 1.0. The file adminclass.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract...

6.4CVSS9.1AI score0.11301EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2020/09/30 6:15 p.m.13 views

Unrestricted file upload

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files...

7.5CVSS9.8AI score0.04984EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2020/09/29 7:17 p.m.64 views

CVE-2020-25763

The CVE-2020-25763 issue affects Seat Reservation System version 1.0 and is an unauthenticated file upload vulnerability that allows remote attackers to achieve remote code execution by uploading PHP files to the hosting webserver. Multiple connected sources (Red Hat CVE entry, Exploit Database, ...

9.8CVSS9.8AI score0.04984EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2020/09/29 7:17 p.m.32 views

CVE-2020-25763

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files...

9.9AI score0.04984EPSS
Exploits3References3
Cvelist
Cvelist
added 2020/09/29 7:11 p.m.29 views

CVE-2020-25762

An issue was discovered in SourceCodester Seat Reservation System 1.0. The file adminclass.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract...

9.2AI score0.11301EPSS
Exploits3References3
CVE
CVE
added 2020/09/29 7:11 p.m.69 views

CVE-2020-25762

CVE-2020-25762 affects SourceCodester Seat Reservation System 1.0. The vulnerability lies in admin_class.php which does not validate input for username/password, enabling an attacker to send crafted input to /admin/ajax.php?action=login to bypass authentication and potentially access sensitive in...

9.1CVSS9.1AI score0.11301EPSS
Exploits3References3Affected Software1
Exploit DB
Exploit DB
added 2020/05/05 12:0 a.m.149 views

Fishing Reservation System 7.5 - 'uid' SQL Injection

Title: Fishing Reservation System 7.5 - 'uid' SQL Injection Author: Vulnerability Laboratory Date: 2020-05-05 Vendor: https://fishingreservationsystem.com/index.html Software: https://fishingreservationsystem.com/features.htm CVE: N/A Document Title: =============== Fishing Reservation System -...

7.4AI score
Exploits0
OSV
OSV
added 2019/10/16 6:15 p.m.6 views

CVE-2019-3025

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the...

9CVSS5.8AI score0.14457EPSS
Exploits4References2
Schneier on Security
Schneier on Security
added 2019/07/10 10:51 a.m.68 views

Details of the Cloud Hopper Attacks

Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud...

1AI score
Exploits0
exploitpack
exploitpack
added 2019/03/21 12:0 a.m.18 views

uHotelBooking System - system_page SQL Injection

uHotelBooking System - systempage SQL Injection Exploit Title: uHotelBooking System - 'systempage' SQL Injection Date: 21.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.hotel-booking-script.com Demo Site: https://www.hotel-booking-script.com/demo/ Version: Lastest Tested o...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2019/02/28 12:0 a.m.18 views

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage:...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.21 views

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Add Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.29 views

Simple Online Hotel Reservation System - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - SQL Injection / Authentication Bypass Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...

0.3AI score
Exploits0
Rows per page
Query Builder