19 matches found
CVE-2026-8684
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...
CVE-2026-8684 MotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_update_booking_notes AJAX Action
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...
PT-2026-42738
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...
CVE-2024-48245
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which...
CVE-2024-48245
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which...
CVE-2023-0570
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\paymentoperation.php. The manipulation of the argument bookingid leads to sql injection. It is possible to initiate...
SQL injection
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\paymentoperation.php. The manipulation of the argument bookingid leads to sql injection. It is possible to initiate...
PT-2023-16372 · Unknown · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue was found in the system, affecting the file user\operations\paymentoperation.php. The manipulation of the booking id argument leads to SQL...
Online Tours & Travels Management System SQL Injection Vulnerability
Online Tours & Travels Management System is an online travel management system by individual developer Mayuri K. A SQL injection vulnerability exists in Online Tours & Travels Management System version 1.0, which stems from an incorrect manipulation of the parameter bookingid that can lead to sq...
Online Tours & Travels Management System SQL Injection Vulnerability
Online Tours & Travels Management System is an online travel management system developed by Mayuri K. A SQL injection vulnerability exists in Online Tours & Travels Management System v1.0, which originates from /admin/update The booking.php id parameter lacks validation for external input SQL...
Wedding Planner SQL Injection Vulnerability
Wedding Planner is a wedding planner program by pushpam abhishek, designed to provide users with an easy way to plan their weddings through a web application while using real data. A security vulnerability exists in Wedding Planner v1.0, which stems from an SQL injection that can be achieved by a...
PT-2022-24431 · Unknown · Wedding Planner
Name of the Vulnerable Software and Affected Versions: Wedding Planner version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the booking id parameter at the "/admin/budget.php" API endpoint. Recommendations: For Wedding Planner...
CVE-2022-30835
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/budget.php?bookingid=...
CVE-2022-30834
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/clientmanageaccountdetails.php?bookingid=31&userid=...
CVE-2022-30834
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/clientmanageaccountdetails.php?bookingid=31&userid=...
Car Rental System SQL Injection Vulnerability
Car Rental System is a car rental system by individual developer AMEY THAKUR in India. Car Rental System v1.0 is vulnerable to SQL injection, which originates from the lack of SQL data filtering for the id parameter in /CarRental/booking.php, and can be exploited by attackers to execute illegal S...
WordPress Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the WordPress Plugin...
VehicleWorkshop 1.0 - 'bookingid' SQL Injection
Exploit Title: VehicleWorkshop 1.0 - 'bookingid' SQL Injection Date: 2020-02-06 Exploit Author: Mehran Feizi Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on: Windows Google Dork: N/A ========= Vulnerable Page: ========= /viewtestdrive.php ========== Vulnerable Source:...
CVE-2018-20556
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the bookingid parameter...