12 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing https://vuldb.com/?ctiid.251698 https://vuldb.com/?id.251698 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. Se ha detectado que Online Railway Reservation System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /classes/Master.php?f=delete_schedule • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-8.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. Se ha detectado que Online Railway Reservation System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /classes/Master.php?f=delete_service • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-9.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. Se ha detectado que Online Railway Reservation System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /classes/Master.php?f=delete_train • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-7.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. Se ha detectado que Online Railway Reservation System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /classes/Master.php?f=delete_message • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-6.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •