Lucene search

K
Online Bus Booking System ProjectOnline Bus Booking System

7 matches found

CVE
CVE
added 2023/11/02 3:15 a.m.58 views

CVE-2023-45015

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.

9.8CVSS10AI score0.00097EPSS
CVE
CVE
added 2023/11/02 3:15 a.m.56 views

CVE-2023-45018

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database.

9.8CVSS10AI score0.00097EPSS
CVE
CVE
added 2023/11/02 3:15 a.m.52 views

CVE-2023-45012

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.

9.8CVSS10AI score0.00097EPSS
CVE
CVE
added 2023/11/02 3:15 a.m.52 views

CVE-2023-45019

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database.

9.8CVSS10AI score0.00097EPSS
CVE
CVE
added 2020/10/08 1:15 p.m.33 views

CVE-2020-25273

In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.

9.8CVSS10AI score0.01068EPSS
CVE
CVE
added 2020/10/08 1:15 p.m.26 views

CVE-2020-25272

In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php.

6.1CVSS5.9AI score0.0021EPSS
CVE
CVE
added 2020/12/08 1:15 p.m.26 views

CVE-2020-25889

Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.

9.8CVSS10AI score0.0138EPSS