CVE-2020-26773
https://notcve.org/view.php?id=CVE-2020-26773
07 Jan 2021 — Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php. • https://packetstormsecurity.com/files/159475/Restaurant-Reservation-System-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35378
https://notcve.org/view.php?id=CVE-2020-35378
14 Dec 2020 — SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. • https://www.exploit-db.com/exploits/49212 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29284
https://notcve.org/view.php?id=CVE-2020-29284
02 Dec 2020 — The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. • https://github.com/BigTiger2020/-Multi-Restaurant-Table-Reservation-System/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-25762 – Seat Reservation System 1.0 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2020-25762
22 Sep 2020 — An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc. • https://www.exploit-db.com/exploits/48889 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-25763 – Seat Reservation System 1.0 Shell Upload
https://notcve.org/view.php?id=CVE-2020-25763
21 Sep 2020 — Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. • http://packetstormsecurity.com/files/159260/Seat-Reservation-System-1.0-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2015-7235 – CP Reservation Calendar < 1.1.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-7235
15 Sep 2015 — Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. • https://www.exploit-db.com/exploits/38187 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')