Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-45018

Summary
Assigner-Fluid Attacks
Assigner Org ID-84fe0718-d6bb-4716-a7e8-81a6d1daa869
Published At-02 Nov, 2023 | 02:17
Updated At-05 Sep, 2024 | 19:17
Rejected At-
Credits

Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Fluid Attacks
Assigner Org ID:84fe0718-d6bb-4716-a7e8-81a6d1daa869
Published At:02 Nov, 2023 | 02:17
Updated At:05 Sep, 2024 | 19:17
Rejected At:
▼CVE Numbering Authority (CNA)
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database.

Affected Products
Vendor
ProjectworldsProjectworlds Pvt. Limited
Product
Online Bus Booking System
Default Status
unaffected
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-66CAPEC-66 SQL Injection
CAPEC ID: CAPEC-66
Description: CAPEC-66 SQL Injection
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fluidattacks.com/advisories/oconnor
third-party-advisory
https://projectworlds.in/
N/A
Hyperlink: https://fluidattacks.com/advisories/oconnor
Resource:
third-party-advisory
Hyperlink: https://projectworlds.in/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fluidattacks.com/advisories/oconnor
third-party-advisory
x_transferred
https://projectworlds.in/
x_transferred
Hyperlink: https://fluidattacks.com/advisories/oconnor
Resource:
third-party-advisory
x_transferred
Hyperlink: https://projectworlds.in/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
online_bus_booking_system_project
Product
online_bus_booking_system
CPEs
  • cpe:2.3:a:online_bus_booking_system_project:online_bus_booking_system:1.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:help@fluidattacks.com
Published At:02 Nov, 2023 | 03:15
Updated At:08 Nov, 2023 | 23:12

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
online_bus_booking_system_project
online_bus_booking_system_project
>>online_bus_booking_system>>1.0
cpe:2.3:a:online_bus_booking_system_project:online_bus_booking_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primaryhelp@fluidattacks.com
CWE ID: CWE-89
Type: Primary
Source: help@fluidattacks.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fluidattacks.com/advisories/oconnorhelp@fluidattacks.com
Exploit
Third Party Advisory
https://projectworlds.in/help@fluidattacks.com
Product
Hyperlink: https://fluidattacks.com/advisories/oconnor
Source: help@fluidattacks.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://projectworlds.in/
Source: help@fluidattacks.com
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

4967Records found
CVE-2023-46788
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 21:01
Updated-17 Sep, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46787
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 20:59
Updated-17 Sep, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46793
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 21:10
Updated-17 Sep, 2024 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46679
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 20:37
Updated-12 Sep, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_job_portalOnline Job Portal
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46677
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 20:35
Updated-12 Sep, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_job_portalOnline Job Portal
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45019
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:19
Updated-05 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectonline_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking Systemonline_bus_booking_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45346
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 14:03
Updated-12 Sep, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_scriptOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45338
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 14:01
Updated-12 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_scriptOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45015
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:14
Updated-04 Sep, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45111
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 01:42
Updated-05 Sep, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-razormistProjectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45340
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.40%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:38
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45343
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.40%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:59
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45342
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.40%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:47
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45344
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:57
Updated-17 Sep, 2024 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45012
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:11
Updated-04 Sep, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-44267
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.40%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 19:14
Updated-09 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Art Gallery v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_art_galleryOnline Art Gallery
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48722
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.58%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 21:06
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-PHPGurukul LLPProjectworlds
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48718
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.15%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:57
Updated-27 Nov, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-PHPGurukul LLPProjectworlds
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48685
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.58%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:11
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-railway_reservation_systemRailway Reservation System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48716
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.58%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:53
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48689
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.58%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:46
Updated-23 Apr, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-railway_reservation_systemRailway Reservation System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48434
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.37%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 20:29
Updated-13 Sep, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_voting_system_projectOnline Voting System Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48687
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.58%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:42
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-railway_reservation_systemRailway Reservation System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48720
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.58%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 21:00
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-PHPGurukul LLPProjectworlds
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48433
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 20:28
Updated-02 Aug, 2024 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_voting_system_projectOnline Voting System Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46785
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 20:57
Updated-17 Sep, 2024 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45345
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 14:02
Updated-12 Sep, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_scriptOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45347
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 14:04
Updated-12 Sep, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_scriptOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45334
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:24
Updated-17 Sep, 2024 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-25889
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.38% / 79.50%
||
7 Day CHG~0.00%
Published-08 Dec, 2020 | 13:00
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.

Action-Not Available
Vendor-online_bus_booking_system_projectn/a
Product-online_bus_booking_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-25273
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.07% / 76.80%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 12:34
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.

Action-Not Available
Vendor-online_bus_booking_system_projectn/a
Product-online_bus_booking_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46800
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 21:19
Updated-04 Sep, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Projectonline_matrimonial_project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46789
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 21:02
Updated-17 Sep, 2024 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45325
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:12
Updated-17 Sep, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45336
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.40%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:26
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45323
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:08
Updated-17 Sep, 2024 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45341
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.40%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:58
Updated-12 Jun, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45116
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.92%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 15:42
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination Systemonline_examination_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45120
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.92%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 16:21
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45121
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.16%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 16:23
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45119
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.16%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 16:03
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45118
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.17%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 15:51
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45117
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 15:47
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-44482
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.01%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 18:59
Updated-27 Nov, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi)

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-leave_management_systemLeave Management System Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-44480
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.18%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 20:52
Updated-09 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi)

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-leave_management_systemLeave Management System Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-44481
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.01%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 18:58
Updated-12 Sep, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi)

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-leave_management_systemLeave Management System Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45115
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.17%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 15:36
Updated-21 May, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-57430
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.44%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:00
Updated-24 Jun, 2025 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-cinema_booking_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-5945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.45% / 92.93%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 01:54
Updated-06 Aug, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsr-500_firmwaredsr-1000_firmwaredsr-500dsr-500n_firmwaredsr-150dsr-250ndsr-150ndsr-250n_firmwaredsr-1000n_firmwaredsr-250dsr-150_firmwaredsr-1000dsr-500ndsr-150n_firmwaredsr-250_firmwaredsr-1000nn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-46444
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.61%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:29
Updated-04 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID.

Action-Not Available
Vendor-hhg-multistoren/a
Product-multistoren/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 99
  • 100
  • Next
Details not found