7 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database. Online Bus Booking System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'category' del recurso category.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/oconnor https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database. Online Bus Booking System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'username' del recurso include/login.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/oconnor https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. Online Bus Booking System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'date' del recurso bus_info.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/oconnor https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. Online Bus Booking System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'user_email' del recurso bus_info.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/oconnor https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege. Una vulnerabilidad de inyección SQL en Online Bus Booking System Project Using PHP/MySQL versión 1.0, permite a atacantes remotos omitir la autenticación y ejecutar comandos SQL arbitrarios Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • http://packetstormsecurity.com/files/160397/Online-Bus-Booking-System-Project-Using-PHP-MySQL-1.0-SQL-Injection.html http://seclists.org/fulldisclosure/2020/Dec/4 https://seclists.org/fulldisclosure/2020/Dec/4 https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •