Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Online Bus Booking System

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2023-45019
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:19
Updated-05 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectonline_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking Systemonline_bus_booking_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45018
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:17
Updated-05 Sep, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectonline_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking Systemonline_bus_booking_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45015
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:14
Updated-04 Sep, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45012
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:11
Updated-04 Sep, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')