
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://vuldb.com/?id.96625
• https://www.exploit-db.com/exploits/41181
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://vuldb.com/?id.96624
• https://www.exploit-db.com/exploits/41182
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.
• https://packetstormsecurity.com/files/157118/WordPress-Car-Rental-System-1.3-Cross-Site-Scripting.html
• https://wpvulndb.com/vulnerabilities/10172
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hotel Booking System 2.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter. BSI Advance Hotel Booking System version 2.0 suffers from a persistent cross-site scripting vulnerability in booking_details.php.
• https://www.exploit-db.com/exploits/47219
• http://packetstormsecurity.com/files/126949/BSI-Advance-Hotel-Booking-System-2.0-Cross-Site-Scripting.html
• http://packetstormsecurity.com/files/154024/BSI-Advance-Hotel-Booking-System-2.0-Cross-Site-Scripting.html
• http://www.securityfocus.com/bid/67914
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 4

SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
• https://www.exploit-db.com/exploits/15531
• http://packetstormsecurity.org/files/view/95829/phpbsiahbs-sql.txt
• http://www.exploit-db.com/exploits/15531
• http://www.securityfocus.com/bid/44854
• https://exchange.xforce.ibmcloud.com/vulnerabilities/63268
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')