5 matches found
CVE-2024-51030
Sourcecodester Cab Management System 1.0 has a SQL injection in manage_client.php and view_cab.php that can be exploited via the id parameter to execute arbitrary SQL. Affected scripts: manage_client.php, view_cab.php. Root cause: unsanitized id parameter enabling SQL injection with high confiden...
CVE-2024-5893
SourceCodester Cab Management System 1.0 is affected by a SQL injection in the /cms/classes/Users.php?f=delete_client endpoint, caused by manipulation of the id parameter in the delete_client function. Attacks can be initiated remotely, and public exploits have been disclosed. The vulnerability i...
CVE-2024-51031
CVE-2024-51031 affects Sourcecodester Cab Management System 1.0. A cross-site scripting (XSS) vulnerability exists in manage_account.php allowing remote authenticated users to inject arbitrary scripts via the First Name, Middle Name, and Last Name fields. The issue is documented across multiple f...
CVE-2026-36922
CVE-2026-36922 affects Sourcecodester Cab Management System v1.0; SQL injection in /cms/admin/categories/view_category.php. Root cause is vulnerable SQL handling in that file. CVSS 3.1 base score 2.7 (LOW) with Confidentiality impact: LOW; no impact to integrity or availability stated. Other conn...
CVE-2026-36923
CVE-2026-36923 affects Sourcecodester Cab Management System 1.0. The vulnerable component is /cms/admin/bookings/view_booking.php and is caused by an SQL Injection condition in that file. CVSS v3.1 base score is 2.7 (LOW) with network attack vector, high privileges required, no user interaction, ...