Описание
A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_all_room.php of the component Room Handler. The manipulation of the argument id with the input 2828%27%20AND%20(SELECT%203766%20FROM%20(SELECT(SLEEP(5)))BmIK)%20AND%20%27YLPl%27=%27YLPl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitThird Party Advisory
- ExploitPermissions RequiredThird Party Advisory
- ExploitThird Party Advisory
- ExploitPermissions RequiredThird Party Advisory
Уязвимые конфигурации
EPSS
4.7 Medium
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_all_room.php of the component Room Handler. The manipulation of the argument id with the input 2828%27%20AND%20(SELECT%203766%20FROM%20(SELECT(SLEEP(5)))BmIK)%20AND%20%27YLPl%27=%27YLPl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
EPSS
4.7 Medium
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2