163 matches found
Bus Booking Script Cross-Site Scripting Vulnerability
Bus Booking Script is an online bus booking management system based on PHP and MySQL. A cross-site scripting vulnerability exists in Bus Booking Script. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Bus Booking Script SQL Injection Vulnerability
Bus Booking Script is an online bus booking management system based on PHP and MySQL. A SQL injection vulnerability exists in Bus Booking Script. A remote attacker can obtain sensitive data e.g., current database user, mysql user by sending the 'spid' parameter to the admin/viewseatseller.php fil...
Sql injection
Bus Booking Script has SQL Injection via the admin/viewseatseller.php spid parameter or the admin/viewmember.php memid parameter...
CVE-2017-17828
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/newmaster.php spemail parameter...
CVE-2017-17828
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/newmaster.php spemail parameter...
CVE-2017-17829
Bus Booking Script has SQL Injection via the admin/viewseatseller.php spid parameter or the admin/viewmember.php memid parameter...
CVE-2017-17830
Bus Booking Script has CSRF via admin/newmaster.php...
CVE-2017-17830
Bus Booking Script has CSRF via admin/newmaster.php...
Design/Logic Flaw
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/newmaster.php spemail parameter...
Cross site request forgery (csrf)
Bus Booking Script has CSRF via admin/newmaster.php...
CVE-2017-17829
Bus Booking Script has SQL Injection via the admin/viewseatseller.php spid parameter or the admin/viewmember.php memid parameter...
CVE-2017-17828
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/newmaster.php spemail parameter...
CVE-2017-17830
Bus Booking Script has CSRF via admin/newmaster.php...
CVE-2017-17830
CVE-2017-17830 affects Bus Booking Script, with a cross-site request forgery (CSRF) vulnerability found in admin/new_master.php. The connected documents consistently describe CSRF via this endpoint as the issue; no explicit product versions, root-cause detail beyond CSRF, or remediation steps are...
CVE-2017-17829
The CVE-2017-17829 entry corresponds to a SQL injection vulnerability in Bus Booking Script (PHP/MySQL). Affected components are the admin/view_seatseller.php sp_id parameter and the admin/view_member.php memid parameter, as described across multiple sources (NVD, CNVD, RH Red Hat, CVE lists). Th...
CVE-2017-17828
CVE-2017-17828 affects Bus Booking Script (PHP/MySQL). The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the results.php datepicker parameter or the admin/new_master.php spemail parameter. The connected sources confirm the same XSS description across multiple feeds; no vendor...
Bus Booking Script SQL Injection Vulnerability
Bus Booking Script is an online bus booking management system based on PHP and MySQL. A SQL injection vulnerability exists in Bus Booking Script version 1.0. The vulnerability can be exploited to inject SQL commands by sending the 'txtname' parameter to the admin/index.php file...
Sql injection
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php...
CVE-2017-17645
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php...
CVE-2017-17645
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php...