CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1100 – SourceCodester Online Catering Reservation System POST Parameter add_message.php sql injection
https://notcve.org/view.php?id=CVE-2023-1100
28 Feb 2023 — A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jackswordsz/bug_report/blob/main/vendors/emoblazz/Online%20Catering%20Reservation%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2021-38758
https://notcve.org/view.php?id=CVE-2021-38758
16 Aug 2021 — Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php. Existe una vulnerabilidad de Salto de Directorio en Online Catering Reservation System versión 1.0 debido a una falta de comprobación en el archivo index.php. • https://attackerkb.com/topics/XuEb81tsid/online-catering-reservation-dt-food-catering-by-oretnom23-v1-0-sql-injection---login • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38752
https://notcve.org/view.php?id=CVE-2021-38752
16 Aug 2021 — A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar. Una vulnerabilidad de tipo cross-site scripting (XSS) en Online Catering Reservation System using PHP on Sourcecodester, permite a un atacante inyectar arbitrariamente código en la barra de búsqueda. • https://github.com/dumpling-soup/Online-Catering-Reservation/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •