SourceCodester Online Bus Booking System SQL Injection (CVE-2020-25273)
An SQL injection vulnerability exists in SourceCodester Online Bus Booking System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-27956
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ under the web root...
CVE-2020-27956
CVE-2020-27956 affects SourceCodester Car Rental Management System 1.0. The vulnerability arises from an arbitrary file upload in the Upload Image component, allowing a user to upload PHP files to admin/assets/uploads/ under the web root via admin/index.php?page=manage_car, leading to remote code...
Gym Management System 1.0 SQL Injection
Exploit Title: Gym Management System 1.0 - Authentication Bypass Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html Software Link:...
Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection
Exploit Title: Stock Management System 1.0 - SQL Injection Dork: N/A Date: 2020-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0 Tested on: Linux CVE: N/A POC: ...
Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated)
Exploit Title: Seat Reservation System 1.0 - Unauthenticated Remote Code Execution Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip...
Employee Management System 1.0 SQL Injection
Exploit Title: Employee Management System 1.0 - Authentication Bypass Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14432/employee-management-system-using-php.html Software Link:...
CVE-2020-25273
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection...
CVE-2020-25272
In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php...
SQL injection
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection...
CVE-2020-25273
The CVE-2020-25273 entry concerns SourceCodester Online Bus Booking System 1.0 with an authentication bypass on the Admin Login. The connected exploit repository provides concrete details: the vulnerability resides in the login flow (admin.php/login_auth.php) and is triggered via SQL injection in...
CVE-2020-25272
CVE-2020-25272 corresponds to an XSS vulnerability in SourceCodester Online Bus Booking System 1.0, triggered via the name parameter in book_now.php. The available connected documents confirm the affected product and the vulnerability vector, but do not provide details on the exploitation status,...
CVE-2020-25762
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract...
CVE-2020-25762
CVE-2020-25762 affects SourceCodester Seat Reservation System 1.0. The vulnerability lies in admin_class.php which does not validate input for username/password, enabling an attacker to send crafted input to /admin/ajax.php?action=login to bypass authentication and potentially access sensitive in...
Exploit for SQL Injection in Online_Bus_Booking_System_Project Online_Bus_Booking_System
CVE-2020-25273 Online Bus Booking System 1.0, there is Authen...
Information disclosure
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http:///lms/index.php?page=books...
CVE-2020-25515
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http:///lms/index.php?page=books...
CVE-2020-25515
CVE-2020-25515 affects Sourcecodester Simple Library Management System 1.0. The vulnerability is described as insecure permissions via Books > New Book (path: /lms/index.php?page=books). CVSS metrics indicate moderate to high impact (CVSS2 Base 4.6; CVSS3.1 Base 7.8) with local attack vector a...
CVE-2020-25514
CVE-2020-25514 affects Sourcecodester Simple Library Management System 1.0. The vulnerability is an Incorrect Access Control flaw via the login panel at /lms/admin.php, enabling potential bypass of authentication. Public references corroborate an authentication bypass vector and exposure of admin...
Seat Reservation System 1.0 Shell Upload
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. Vendor Homepage: www.sourcecodester.com Software Link:...