CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2263 – Online Hotel Booking System Room edit_room_cat.php sql injection
https://notcve.org/view.php?id=CVE-2022-2263
12 Jul 2022 — A vulnerability was found in Online Hotel Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file edit_room_cat.php of the component Room Handler. The manipulation of the argument roomname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Online%20Hotel%20Booking%20System/Online%20Hotel%20Booking%20System%20edit_room_cat.php%20id%20SQL%20inject.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2022-2262 – Online Hotel Booking System Room edit_all_room.php sql injection
https://notcve.org/view.php?id=CVE-2022-2262
12 Jul 2022 — A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_all_room.php of the component Room Handler. The manipulation of the argument id with the input 2828%27%20AND%20(SELECT%203766%20FROM%20(SELECT(SLEEP(5)))BmIK)%20AND%20%27YLPl%27=%27YLPl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Online%20Hotel%20Booking%20System/Online%20Hotel%20Booking%20System%20edit_all_room.php%20id%20SQL%20inject.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23984
https://notcve.org/view.php?id=CVE-2020-23984
27 Aug 2020 — Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. Online Hotel Booking System Pro PHP versión 1.3, presenta una vulnerabilidad de tipo Cross-site Scripting Persistente en todas las etiquetas del formulario de registro del Cliente • https://packetstormsecurity.com/files/157117/Online-Hotel-Booking-System-Pro-1.3-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15536 – Online Hotel Booking System Pro <= 1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-15536
04 Apr 2020 — An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. Se detectó un problema en el plugin Bestsoftinc Hotel Booking System Pro versiones hasta 1.1 para WordPress. Un ataque de tipo XSS persistente puede producirse por medio de cualquiera de los campos de registro • https://packetstormsecurity.com/files/157116/WordPress-Hotel-Booking-System-Pro-1.1-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •