CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. • https://fluidattacks.com/advisories/oconnor https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. • https://fluidattacks.com/advisories/oconnor https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse. This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4. The Pinpoint Booking System plugin for WordPress is vulnerable to content spoofing in versions up to, and including, 2.9.9.3.4. This makes it possible for unauthenticated attackers to inject content that may alter the content and display of select pages. • https://patchstack.com/database/vulnerability/booking-system/wordpress-pinpoint-booking-system-plugin-2-9-9-3-4-parameter-tampering?_s_id=cve • CWE-451: User Interface (UI) Misrepresentation of Critical Information • CWE-472: External Control of Assumed-Immutable Web Parameter

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. • https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql/%2C https://projectworlds.in/wp-content/uploads/2020/05/PHP-Doctor-Appointment-System.zip https://www.exploit-db.com/exploits/49059 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/qyhmsys/cve-list/blob/master/Online%20Flight%20Booking%20Management%20System%20review_search.md https://vuldb.com/?ctiid.218277 https://vuldb.com/?id.218277 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')