CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

A Cross-Site Scripting (XSS) vulnerability exists in Sourcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/Multi%20Restaurant%20Table%20Reservation%20System
• https://www.nu11secur1ty.com/2021/11/multi-restaurant-table-reservation.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php.
• https://packetstormsecurity.com/files/159475/Restaurant-Reservation-System-1.0-SQL-Injection.html
• https://www.sourcecodester.com/php/14482/restaurant-reservation-system-php-full-source-code-2020.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 6% | CPEs: 1 | EXPL: 2

The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter, which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
• https://github.com/BigTiger2020/-Multi-Restaurant-Table-Reservation-System/blob/main/README.md
• https://www.exploit-db.com/exploits/48984
• https://www.sourcecodester.com/php/14568/multi-restaurant-table-reservation-system-php-full-source-code.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')