RSS   Podatności dla 'Seat reservation system'   RSS

2020-09-30
 
CVE-2020-25763

CWE-434
 

 
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.

 
 
CVE-2020-25762

CWE-89
 

 
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.

 


Copyright 2024, cxsecurity.com

 

Back to Top