CVE-2023-5585 – SourceCodester Online Motorcycle Rental System Bike List cross site scripting
https://notcve.org/view.php?id=CVE-2023-5585
A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. • https://vuldb.com/?ctiid.242170 https://vuldb.com/?id.242170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-44249
https://notcve.org/view.php?id=CVE-2021-44249
Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. Online Motorcycle (Bike) Rental System versión 1.0, es vulnerable a un ataque de Inyección SQL Basado en Tiempo Ciego dentro del portal de inicio de sesión. Esto puede conllevar a que atacantes descarguen remotamente las credenciales de la base de datos MySQL • https://doctorzorka.github.io/Exploits/exploit-1.html https://www.exploit-db.com/exploits/50429 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •