Page 2 of 6 results (0.004 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1
CVE-2021-44866
https://notcve.org/view.php?id=CVE-2021-44866
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database. Se ha detectado un problema en Online-Movie-Ticket-Booking-System versión 1.0. El archivo about.php no lleva a cabo la comprobación de entrada en el parámetro "id". • https://github.com/projectworldsofficial/Online-Movie-Ticket-Booking-System-in-php/issues/6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •