13 results (0.018 seconds)

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input <script>confirm (document.cookie)</script> leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.266303 https://vuldb.com/?id.266303 https://vuldb.com/?submit.344504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img. Online Car Wash Booking System v1.0, es vulnerable a la eliminación de cualquier archivo por medio del archivo /ocwbs/classes/Master.php?f=delete_img • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-car-wash-booking-system/delete-file-1.md •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. Online Car Wash Booking System v1.0, es vulnerable a una Inyección SQL por medio del archivo /ocwbs/admin/?page=bookings/view_details&amp;id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-car-wash-booking-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. Online Car Wash Booking System v1.0, es vulnerable a una Inyección SQL por medio del archivo /ocwbs/classes/Master.php?f=delete_booking • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-car-wash-booking-system/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. Online Car Wash Booking System v1.0, es vulnerable a una Inyección SQL por medio del archivo /ocwbs/admin/?page=user/manage_user&amp;id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-car-wash-booking-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •