CVE-2023-50862 – Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

https://notcve.org/view.php?id=CVE-2023-50862

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. Travel Website v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'hotelIDHidden' del recurso booking.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/evans https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •