CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0340 – code-projects Cinema Seat Reservation System deleteBooking.php sql injection
https://notcve.org/view.php?id=CVE-2025-0340
09 Jan 2025 — A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/deleteBooking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25307
https://notcve.org/view.php?id=CVE-2024-25307
09 Feb 2024 — Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1." Code-projects Cinema Seat Reservation System 1.0 permite la inyección SQL a través del parámetro 'id' en "/Cinema-Reservation/booking.php?id=1". • https://github.com/tubakvgc/CVEs/blob/main/Cinema%20Seat%20Reservation%20System/Cinema%20Seat%20Reservation%20System%20-%20SQL%20Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •