CVE-2023-48688
An unauthenticated SQL injection exists in Railway Reservation System v1.0 due to unvalidated input in the to parameter of reservation.php, allowing unfiltered data to reach the database. Remediation: validate/filter the to parameter or restrict access to reservation.php until a fix is provided. ...