CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0782 – CodeAstro Online Railway Reservation System pass-profile.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0782
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing https://vuldb.com/?ctiid.251698 https://vuldb.com/?id.251698 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33061
https://notcve.org/view.php?id=CVE-2022-33061
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. Se ha detectado que Online Railway Reservation System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /classes/Master.php?f=delete_service • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-9.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33060
https://notcve.org/view.php?id=CVE-2022-33060
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. Se ha detectado que Online Railway Reservation System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /classes/Master.php?f=delete_schedule • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-8.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33059
https://notcve.org/view.php?id=CVE-2022-33059
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. Se ha detectado que Online Railway Reservation System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /classes/Master.php?f=delete_train • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-7.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33058
https://notcve.org/view.php?id=CVE-2022-33058
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. Se ha detectado que Online Railway Reservation System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /classes/Master.php?f=delete_message • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-6.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •