Описание
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:projectworlds:online_movie_ticket_booking_system:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00296
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
почти 4 года назад
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.
EPSS
Процентиль: 53%
0.00296
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-89