CVE-2024-5385 – oretnom23 Online Car Wash Booking System cross site scripting
https://notcve.org/view.php?id=CVE-2024-5385
A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input <script>confirm (document.cookie)</script> leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.266303 https://vuldb.com/?id.266303 https://vuldb.com/?submit.344504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-31342
https://notcve.org/view.php?id=CVE-2022-31342
Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img. Online Car Wash Booking System v1.0, es vulnerable a la eliminación de cualquier archivo por medio del archivo /ocwbs/classes/Master.php?f=delete_img • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-car-wash-booking-system/delete-file-1.md •
CVE-2022-31343
https://notcve.org/view.php?id=CVE-2022-31343
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. Online Car Wash Booking System v1.0, es vulnerable a una Inyección SQL por medio del archivo /ocwbs/admin/?page=bookings/view_details&id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-car-wash-booking-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-31344
https://notcve.org/view.php?id=CVE-2022-31344
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. Online Car Wash Booking System v1.0, es vulnerable a una Inyección SQL por medio del archivo /ocwbs/classes/Master.php?f=delete_booking • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-car-wash-booking-system/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-31345
https://notcve.org/view.php?id=CVE-2022-31345
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. Online Car Wash Booking System v1.0, es vulnerable a una Inyección SQL por medio del archivo /ocwbs/admin/?page=user/manage_user&id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-car-wash-booking-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •