CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2382 – PHPGurukul Online Banquet Booking System booking-search.php sql injection
https://notcve.org/view.php?id=CVE-2025-2382
17 Mar 2025 — A vulnerability classified as critical was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/aionman/cve/issues/5 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5305 – Online Banquet Booking System Contact Us Page mail.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5305
30 Sep 2023 — A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944. • https://vuldb.com/?ctiid.240944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5304 – Online Banquet Booking System Service Booking book-services.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5304
30 Sep 2023 — A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943. • https://vuldb.com/?ctiid.240943 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5303 – Online Banquet Booking System Account Detail view-booking-detail.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5303
30 Sep 2023 — A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability. • https://vuldb.com/?ctiid.240942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28992
https://notcve.org/view.php?id=CVE-2022-28992
20 May 2022 — A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en Online Banquet Booking System versión v1.0, permite a atacantes cambiar las credenciales de administrador por medio de una petición POST diseñada • https://packetstormsecurity.com/files/166587/Online-Banquet-Booking-System-1.0-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF) •