2 matches found
CVE-2023-50862
This CVE affects Travel Website v1.0. The vulnerability is an unauthenticated SQL Injection in the booking.php resource, triggered by the hotelIDHidden parameter where input is not properly validated and is sent unfiltered to the database. Impact is described as high for confidentiality, integrit...
CVE-2023-50862 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database...