CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2608 – PHPGurukul Banquet Booking System view-user-queries.php sql injection
https://notcve.org/view.php?id=CVE-2025-2608
21 Mar 2025 — A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. This affects an unknown part of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/emano888/cve/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2382 – PHPGurukul Online Banquet Booking System booking-search.php sql injection
https://notcve.org/view.php?id=CVE-2025-2382
17 Mar 2025 — A vulnerability classified as critical was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/aionman/cve/issues/5 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5303 – Online Banquet Booking System Account Detail view-booking-detail.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5303
30 Sep 2023 — A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability. • https://vuldb.com/?ctiid.240942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28992
https://notcve.org/view.php?id=CVE-2022-28992
20 May 2022 — A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en Online Banquet Booking System versión v1.0, permite a atacantes cambiar las credenciales de administrador por medio de una petición POST diseñada • https://packetstormsecurity.com/files/166587/Online-Banquet-Booking-System-1.0-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF) •