Online Bus Ticket Booking Website 1.0 SQL Injection

============================================================================================================================================= | Title : online bus ticket booking Website v1.0 Auth By PAss Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

CVE-2023-50865

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database...

Sql injection

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database...

Sql injection

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database...

Sql injection

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-50866

Travel Website v1.0 contains an unauthenticated SQL injection in the loginAction.php resource via the username parameter, which is not validated before being sent to the database. Root cause: input not validated/filtered. Impact per sources indicates potential SQL injection on login input. Affect...

CVE-2023-50866 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-50862

This CVE affects Travel Website v1.0. The vulnerability is an unauthenticated SQL Injection in the booking.php resource, triggered by the hotelIDHidden parameter where input is not properly validated and is sent unfiltered to the database. Impact is described as high for confidentiality, integrit...

CVE-2023-50862 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2022-45990

A cross-site scripting XSS vulnerability in the component /signupscript.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter...

CVE-2022-45990

A cross-site scripting XSS vulnerability in the component /signupscript.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter...

CVE-2022-27330

CVE-2022-27330 describes a cross-site scripting (XSS) vulnerability in the E-Commerce Website v1.0, exploitable through a crafted payload injected into the Product Title field when using the admin URL /public/admin/index.php?add_product. The vulnerability allows execution of arbitrary web scripts...

Sql injection

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the viewplan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...