2 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. • https://vuldb.com/?ctiid.242170 https://vuldb.com/?id.242170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2

Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. Online Motorcycle (Bike) Rental System versión 1.0, es vulnerable a un ataque de Inyección SQL Basado en Tiempo Ciego dentro del portal de inicio de sesión. Esto puede conllevar a que atacantes descarguen remotamente las credenciales de la base de datos MySQL • https://doctorzorka.github.io/Exploits/exploit-1.html https://www.exploit-db.com/exploits/50429 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •