CVE-2021-44091
https://notcve.org/view.php?id=CVE-2021-44091
A Cross-Site Scripting (XSS) vulnerability exists in Sourcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/Multi%20Restaurant%20Table%20Reservation%20System
• https://www.nu11secur1ty.com/2021/11/multi-restaurant-table-reservation.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-29284
https://notcve.org/view.php?id=CVE-2020-29284
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter, which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
• https://github.com/BigTiger2020/-Multi-Restaurant-Table-Reservation-System/blob/main/README.md
• https://www.exploit-db.com/exploits/48984
• https://www.sourcecodester.com/php/14568/multi-restaurant-table-reservation-system-php-full-source-code.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')