CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50866 – Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-50866
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. Travel Website v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'username' del recurso loginAction.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/evans https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50865 – Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-50865
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. Travel Website v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'city' del recurso hotelSearch.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/evans https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50864 – Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-50864
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. Travel Website v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'hotelId' del recurso hotelDetails.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/evans https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50863 – Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-50863
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. Travel Website v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'hotelIDHidden' del recurso generateReceipt.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/evans https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50862 – Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-50862
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. Travel Website v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'hotelIDHidden' del recurso booking.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/evans https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •