Booking Project Security Vulnerabilities

CVE-2022-29992

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-05-12 03:15 PM

CVE-2022-29994

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-05-12 03:15 PM

CVE-2022-29995

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-05-12 03:15 PM

CVE-2022-29985

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-05-12 03:15 PM

CVE-2022-29988

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-05-12 03:15 PM

CVE-2022-29990

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-05-12 03:15 PM

CVE-2022-29993

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-05-12 03:15 PM

CVE-2022-1463

The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2022-05-10 08:15 PM

CVE-2022-28093

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allows attackers to execute arbitrary code via a crafted PHP...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2022-04-25 03:15 PM

CVE-2022-28094

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-04-25 03:15 PM

CVE-2022-28115

Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-04-05 08:15 PM

CVE-2021-45003

Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell...

9.8 CVSS

9.7 AI Score

0.009 EPSS

2022-01-10 02:10 PM

CVE-2021-25040

The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-01-03 01:15 PM

CVE-2021-42667

A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the SQL query performed. As a result, he can extract sensitive data from the web server and in some...

9.8 CVSS

9.8 AI Score

0.08 EPSS

2021-11-05 01:15 PM

CVE-2021-42663

An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a...

4.3 CVSS

4.7 AI Score

0.001 EPSS

2021-11-05 01:15 PM

CVE-2021-42662

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run JavaScript commands on the web server surfer's behalf, which can lead to...

5.4 CVSS

5.2 AI Score

0.002 EPSS

2021-11-05 11:15 AM

CVE-2020-21012

Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax...

9.8 CVSS

10 AI Score

0.002 EPSS

2021-10-01 07:15 PM

CVE-2020-25889

Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin...

9.8 CVSS

10 AI Score

0.007 EPSS

2020-12-08 01:15 PM

CVE-2020-29283

An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2020-12-02 10:15 PM

CVE-2020-25273

In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL...

9.8 CVSS

10 AI Score

0.002 EPSS

2020-10-08 01:15 PM

CVE-2020-25272

In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2020-10-08 01:15 PM

CVE-2020-23984

Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form...

5.4 CVSS

5.5 AI Score

0.001 EPSS

2020-08-27 03:15 PM

CVE-2020-15536

An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration...

6.1 CVSS

5.9 AI Score

0.003 EPSS

2020-07-05 04:15 PM

CVE-2019-15774

The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2019-08-29 12:15 PM

CVE-2019-7554

An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2...

6.1 CVSS

6 AI Score

0.001 EPSS

2019-06-06 04:29 PM

CVE-2018-20556

SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id...

8.8 CVSS

9.1 AI Score

0.081 EPSS

2019-03-21 04:00 PM

CVE-2019-9064

PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2019-02-23 09:29 PM

CVE-2019-9066

PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user...

5.4 CVSS

5.7 AI Score

0.001 EPSS

2019-02-23 09:29 PM

CVE-2018-15190

PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2018-08-10 05:29 PM

CVE-2018-15191

PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address...

6.5 CVSS

6.6 AI Score

0.002 EPSS

2018-08-10 05:29 PM

CVE-2018-5672

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label]...

4.8 CVSS

4.9 AI Score

0.001 EPSS

2018-01-13 12:29 AM

CVE-2018-5671

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent]...

4.8 CVSS

4.9 AI Score

0.001 EPSS

2018-01-13 12:29 AM

CVE-2018-5673

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via...

8.8 CVSS

8.6 AI Score

0.002 EPSS

2018-01-13 12:29 AM

CVE-2018-5670

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][]...

4.8 CVSS

4.9 AI Score

0.001 EPSS

2018-01-13 12:29 AM

CVE-2017-17633

Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid...

9.8 CVSS

9.9 AI Score

0.002 EPSS

2017-12-13 09:29 AM

CVE-2017-17632

Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q...

9.8 CVSS

9.9 AI Score

0.002 EPSS

2017-12-13 09:29 AM

CVE-2017-17619

Laundry Booking Script 1.0 has SQL Injection via the /list city...

9.8 CVSS

9.9 AI Score

0.003 EPSS

2017-12-13 09:29 AM

CVE-2017-17634

Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q...

9.8 CVSS

9.9 AI Score

0.002 EPSS

2017-12-13 09:29 AM

CVE-2017-17609

Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city...

9.8 CVSS

9.9 AI Score

0.002 EPSS

2017-12-13 09:29 AM

CVE-2017-17604

Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus...

9.8 CVSS

9.9 AI Score

0.002 EPSS

2017-12-13 09:29 AM

CVE-2017-17595

Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city...

9.8 CVSS

9.9 AI Score

0.002 EPSS

2017-12-13 09:29 AM

CVE-2017-17601

Cab Booking Script 1.0 has SQL Injection via the /service-list city...

9.8 CVSS

9.9 AI Score

0.002 EPSS

2017-12-13 09:29 AM

CVE-2017-2150

Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange...

5.3 CVSS

5.3 AI Score

0.002 EPSS

2017-04-28 04:59 PM

CVE-2017-2151

Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified...

6.1 CVSS

6 AI Score

0.001 EPSS

2017-04-28 04:59 PM

CVE-2015-1000009

Open proxy in WordPress plugin google-adsense-and-hotel-booking...

9.1 CVSS

9.1 AI Score

0.001 EPSS

2016-10-06 02:59 PM
Total number of security vulnerabilities: 95