CVE-2021-41471
https://notcve.org/view.php?id=CVE-2021-41471
24 Jan 2022 — SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the email and Password parameters. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/CVE-nu11-12-09162021 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-46308
https://notcve.org/view.php?id=CVE-2021-46308
21 Jan 2022 — An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Online-Railway-Reservation • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-44091
https://notcve.org/view.php?id=CVE-2021-44091
20 Jan 2022 — A Cross-Site Scripting (XSS) vulnerability exists in Sourcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/Multi%20Restaurant%20Table%20Reservation%20System • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-42667
https://notcve.org/view.php?id=CVE-2021-42667
05 Nov 2021 — A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability to manipulate the SQL query performed. As a result, he can extract sensitive data from the web server and in some cases use this vulnerability to get remote code execution on the remote web server. • https://github.com/0xDeku/CVE-2021-42667 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-42663
https://notcve.org/view.php?id=CVE-2021-42663
05 Nov 2021 — An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability to change the visibility of the website. Once the target user clicks on a given link, he will be shown the HTML content of the attacker's choice. • https://github.com/0xDeku/CVE-2021-42663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-42662 – Online Event Booking And Reservation System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-42662
25 Oct 2021 — A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability to run JavaScript commands on the web server surfer's behalf, which can lead to cookie stealing and more. • https://github.com/0xDeku/CVE-2021-42662 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-41511 – Lodging Reservation Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2021-41511
03 Oct 2021 — The username and password fields of the login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication. Lodging Reservation Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • https://github.com/vidvansh/CVE-2021-41511 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-38758
https://notcve.org/view.php?id=CVE-2021-38758
16 Aug 2021 — Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php. • https://attackerkb.com/topics/XuEb81tsid/online-catering-reservation-dt-food-catering-by-oretnom23-v1-0-sql-injection---login • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-38752
https://notcve.org/view.php?id=CVE-2021-38752
16 Aug 2021 — A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar. • https://github.com/dumpling-soup/Online-Catering-Reservation/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36002
https://notcve.org/view.php?id=CVE-2020-36002
17 Feb 2021 — Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information. • https://github.com/BigTiger2020/Seat-Reservation-System • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')