An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.
7.5CVSS
7.5AI Score
0.002EPSS
The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.
9.8CVSS
9.3AI Score
0.001EPSS
The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
9.8CVSS
9.3AI Score
0.001EPSS
The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
9.8CVSS
9.3AI Score
0.001EPSS
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability.
5.4CVSS
5.3AI Score
0.001EPSS
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability.
6.4CVSS
5.2AI Score
0.001EPSS