exploitDog

CVE-2023-45019

Опубликовано: 02 нояб. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database.

Ссылки

https://fluidattacks.com/advisories/oconnor
Exploit
Third Party Advisory
https://projectworlds.in/
Product
https://fluidattacks.com/advisories/oconnor
Exploit
Third Party Advisory
https://projectworlds.in/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:online_bus_booking_system_project:online_bus_booking_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00097

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-f38r-jrwh-28gc

CVSS3: 9.8

github

больше 2 лет назад

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database.

EPSS

Процентиль: 27%

0.00097

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89