17 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. Se ha detectado que Online Sports Complex Booking System versión v1.0, permite a atacantes tomar el control de las cuentas de los usuarios por medio de una petición POST diseñada • https://cxsecurity.com/issue/WLB-2022030104 • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. Se ha detectado que Online Sports Complex Booking System versión v1.0, contiene una vulnerabilidad de inyección SQL ciega por medio del parámetro id en el archivo /scbs/view_facility.php • https://cxsecurity.com/issue/WLB-2022030105 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. Online Sports Complex Booking System versión 1.0, es vulnerable a una Inyección SQL por medio de /scbs/classes/Users.php?f=save_client • https://github.com/playZG/Exploit-/blob/main/Online%20Sports%20Complex%20Booking%20System/Online%20Sports%20Complex%20Booking%20System%201.0%20XSS%20loophole.md https://packetstormsecurity.com/files/166641/Online-Sports-Complex-Booking-System-1.0-Cross-Site-Scripting.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. Online Sports Complex Booking System versión 1.0, es vulnerable a una Inyección SQL por medio de /classes/master.php?f=delete_ Facility • https://github.com/playZG/Exploit-/blob/main/Online%20Sports%20Complex%20Booking%20System/Online%20Sports%20Complex%20Booking%20System%201.0%20SQL%20Injection%28%E4%B8%89%29.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. Online Sports Complex Booking System versión 1.0, es vulnerable a una Inyección SQL por medio de /scbs/classes/Users.php?f=delete_client • https://github.com/playZG/Exploit-/blob/main/Online%20Sports%20Complex%20Booking%20System/Online%20Sports%20Complex%20Booking%20System%201.0%20SQL%20Injection%28%E4%BA%8C%29.md https://packetstormsecurity.com/files/166598/Online-Sports-Complex-Booking-System-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •