CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0283 – SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injection
https://notcve.org/view.php?id=CVE-2023-0283
A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/qyhmsys/cve-list/blob/master/Online%20Flight%20Booking%20Management%20System%20review_search.md https://vuldb.com/?ctiid.218277 https://vuldb.com/?id.218277 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0281 – SourceCodester Online Flight Booking Management System judge_panel.php sql injection
https://notcve.org/view.php?id=CVE-2023-0281
A vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to sql injection. The attack may be launched remotely. • https://github.com/qyhmsys/cve-list/blob/master/Online%20Flight%20Booking%20Management%20System%20judge_panel.md https://vuldb.com/?ctiid.218276 https://vuldb.com/?id.218276 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0245 – SourceCodester Online Flight Booking Management System add_contestant.php sql injection
https://notcve.org/view.php?id=CVE-2023-0245
A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/f4cky0u/Security-vulnerabilities/blob/main/Online%20Flight%20Booking%20Management%20System%20add_contestant.php%20has%20SQLinject.md https://vuldb.com/?ctiid.218153 https://vuldb.com/?id.218153 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •