3 matches found
CVE-2020-25273
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.
CVE-2020-25272
In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php.
CVE-2020-25889
Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.