3 matches found
CVE-2023-1100
The CVE-2023-1100 entry concerns SourceCodester Online Catering Reservation System 1.0. It identifies a vulnerability in the POST Parameter Handler, specifically the /reservation/add_message.php file, where the fullname parameter is vulnerable to SQL injection. The root cause is an injection flaw...
CVE-2021-38758
CVE-2021-38758 affects the Online Catering Reservation System 1.0. The vulnerability is a directory traversal due to lack of validation in index.php, allowing access to restricted files as described in the CVE entry. NVD lists CVSS v3.1 base score 7.5 (Network, Low complexity, No privileges, No u...
CVE-2021-38752
CVE-2021-38752 is an XSS vulnerability in the Online Catering Reservation System (PHP, Sourcecodester). The issue occurs in the search bar where user input is not properly sanitized, allowing an attacker to arbitrarily inject code in the search functionality. CVSS metrics: AV:N/AC:L/PR:L/UI:R/S:C...