Lucene search
K

163 matches found

CNVD
CNVD
added 2017/12/22 12:0 a.m.5 views

Bus Booking Script Cross-Site Scripting Vulnerability

Bus Booking Script is an online bus booking management system based on PHP and MySQL. A cross-site scripting vulnerability exists in Bus Booking Script. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

4.8CVSS6.4AI score0.00542EPSS
Exploits1References1
CNVD
CNVD
added 2017/12/22 12:0 a.m.11 views

Bus Booking Script SQL Injection Vulnerability

Bus Booking Script is an online bus booking management system based on PHP and MySQL. A SQL injection vulnerability exists in Bus Booking Script. A remote attacker can obtain sensitive data e.g., current database user, mysql user by sending the 'spid' parameter to the admin/viewseatseller.php fil...

7.2CVSS8.2AI score0.01023EPSS
Exploits1References1
Prion
Prion
added 2017/12/21 5:29 a.m.12 views

Sql injection

Bus Booking Script has SQL Injection via the admin/viewseatseller.php spid parameter or the admin/viewmember.php memid parameter...

6.5CVSS7.5AI score0.01023EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2017/12/21 5:29 a.m.1 views

CVE-2017-17828

Bus Booking Script has XSS via the results.php datepicker parameter or the admin/newmaster.php spemail parameter...

4.8CVSS5.4AI score0.00542EPSS
Exploits1References2
NVD
NVD
added 2017/12/21 5:29 a.m.18 views

CVE-2017-17828

Bus Booking Script has XSS via the results.php datepicker parameter or the admin/newmaster.php spemail parameter...

4.8CVSS5AI score0.00542EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2017/12/21 5:29 a.m.3 views

CVE-2017-17829

Bus Booking Script has SQL Injection via the admin/viewseatseller.php spid parameter or the admin/viewmember.php memid parameter...

7.2CVSS5.9AI score0.01023EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2017/12/21 5:29 a.m.1 views

CVE-2017-17830

Bus Booking Script has CSRF via admin/newmaster.php...

6.8CVSS5.4AI score0.0044EPSS
Exploits1References2
NVD
NVD
added 2017/12/21 5:29 a.m.14 views

CVE-2017-17830

Bus Booking Script has CSRF via admin/newmaster.php...

6.8CVSS6.7AI score0.0044EPSS
Exploits1References1
Prion
Prion
added 2017/12/21 5:29 a.m.16 views

Design/Logic Flaw

Bus Booking Script has XSS via the results.php datepicker parameter or the admin/newmaster.php spemail parameter...

3.5CVSS4.9AI score0.00542EPSS
Exploits1References1
Prion
Prion
added 2017/12/21 5:29 a.m.18 views

Cross site request forgery (csrf)

Bus Booking Script has CSRF via admin/newmaster.php...

6CVSS6.7AI score0.0044EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/12/21 5:0 a.m.17 views

CVE-2017-17829

Bus Booking Script has SQL Injection via the admin/viewseatseller.php spid parameter or the admin/viewmember.php memid parameter...

7.6AI score0.01023EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/12/21 5:0 a.m.22 views

CVE-2017-17828

Bus Booking Script has XSS via the results.php datepicker parameter or the admin/newmaster.php spemail parameter...

5AI score0.00542EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/12/21 5:0 a.m.19 views

CVE-2017-17830

Bus Booking Script has CSRF via admin/newmaster.php...

6.7AI score0.0044EPSS
Exploits1References1
CVE
CVE
added 2017/12/21 5:0 a.m.51 views

CVE-2017-17830

CVE-2017-17830 affects Bus Booking Script, with a cross-site request forgery (CSRF) vulnerability found in admin/new_master.php. The connected documents consistently describe CSRF via this endpoint as the issue; no explicit product versions, root-cause detail beyond CSRF, or remediation steps are...

6.8CVSS6.7AI score0.0044EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/12/21 5:0 a.m.53 views

CVE-2017-17829

The CVE-2017-17829 entry corresponds to a SQL injection vulnerability in Bus Booking Script (PHP/MySQL). Affected components are the admin/view_seatseller.php sp_id parameter and the admin/view_member.php memid parameter, as described across multiple sources (NVD, CNVD, RH Red Hat, CVE lists). Th...

7.2CVSS7.5AI score0.01023EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/12/21 5:0 a.m.55 views

CVE-2017-17828

CVE-2017-17828 affects Bus Booking Script (PHP/MySQL). The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the results.php datepicker parameter or the admin/new_master.php spemail parameter. The connected sources confirm the same XSS description across multiple feeds; no vendor...

4.8CVSS4.9AI score0.00542EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2017/12/20 12:0 a.m.3 views

Bus Booking Script SQL Injection Vulnerability

Bus Booking Script is an online bus booking management system based on PHP and MySQL. A SQL injection vulnerability exists in Bus Booking Script version 1.0. The vulnerability can be exploited to inject SQL commands by sending the 'txtname' parameter to the admin/index.php file...

9.8CVSS8.4AI score0.0305EPSS
Exploits5References1
Prion
Prion
added 2017/12/18 9:29 a.m.15 views

Sql injection

Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php...

7.5CVSS9.8AI score0.0305EPSS
Exploits5References2Affected Software1
NVD
NVD
added 2017/12/18 9:29 a.m.23 views

CVE-2017-17645

Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php...

9.8CVSS9.9AI score0.0305EPSS
Exploits5References2
OSV
OSV
added 2017/12/18 9:29 a.m.3 views

CVE-2017-17645

Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php...

9.8CVSS5.8AI score0.0305EPSS
Exploits5References2
Rows per page
Query Builder