CVE-2023-45343

CVE-2023-45343 : Multiple unauthenticated SQL Injection vulnerabilities affect Online Food Ordering System v1.0. The issue stems from insufficient validation of the ticket_id parameter in routers/ticket-message.php, which passes unfiltered input to the database. Public sources in the connected do...

CVE-2023-45343 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticketid' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-45344 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-45342

CVE-2023-45342 affects Online Food Ordering System v1.0 and describes multiple unauthenticated SQL injection vulnerabilities in routers/register-router.php, caused by insufficient validation of the phone parameter, which is sent unfiltered to the database. Red Hat’s advisory mirrors the descripti...

CVE-2023-45329

Affected software: Online Food Ordering System, version 1.0. Vulnerability: unauthenticated SQL injection in routers/add-users.php; the unvalidated role parameter is sent to the database. Impact: potential for unauthorized data access/modification as described. Exploitation details: not provided ...

CVE-2023-45328

CVE-2023-45328 is rejected/not used and does not represent an active vulnerability entry.

CVE-2023-45325 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-45018

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-45019 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-45018 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-45018 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-45017

The connected PT-2023-29358 entry identifies CVE-2023-45017 as an unauthenticated SQL Injection in Online Bus Booking System v1.0, caused by lack of validation on the destination parameter in search.php. This allows unfiltered input to reach the database; impact could include data disclosure or m...

CVE-2023-45012 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'useremail' parameter of the businfo.php resource does not validate the characters received and they are sent unfiltered to the database...

PT-2023-29514 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the type parameter of the "routers/add-ticket.php" resource does not validate the characters receive...

PT-2023-29413 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the subject parameter of the "feed.php" resource does not validate the characters received, sending th...

CVE-2023-44267 Online Art Gallery v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-27260

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

CVE-2023-26581

Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

PT-2023-21033 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to an unauthenticated SQL injection in the GetRoomChanges method, allowing unauthenticated attackers to extract or modify all data. Recommendations: For versions...

CVE-2023-43739 Online Book Store Project v1.0 - Unauthenticated SQL Injection (SQLi)

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database...