Lucene search

Online Movie Ticket Booking System Security Vulnerabilities

cve

CVE-2021-44866

An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.

7.5CVSS

7.5AI Score

0.002EPSS

2022-02-03 02:15 PM

cve

CVE-2023-44163

The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.

9.8CVSS

9.3AI Score

0.001EPSS

2023-09-28 10:15 PM

cve

CVE-2023-44164

The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.

9.8CVSS

9.3AI Score

0.001EPSS

2023-09-28 10:15 PM

cve

CVE-2023-44166

The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.

9.8CVSS

9.3AI Score

0.001EPSS

2023-09-28 10:15 PM

cve

CVE-2023-44173

Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability.

5.4CVSS

5.3AI Score

0.001EPSS

2023-09-28 09:15 PM

cve

CVE-2023-44174

Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability.

6.4CVSS

5.2AI Score

0.001EPSS

2023-09-28 10:15 PM