RSS   Vulnerabilities for 'Online bus booking system'   RSS

2020-12-08
 
CVE-2020-25889

CWE-89
 

 
Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.

 
2020-10-08
 
CVE-2020-25273

CWE-287
 

 
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.

 
 
CVE-2020-25272

CWE-79
 

 
In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top