CVE-2017-17941
Description
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Single Theater Booking suffers from SQL injection in the admin/movieview.php movieid parameter, allowing data extraction.
Vulnerability
The SQL injection vulnerability exists in the admin/movieview.php script of PHP Scripts Mall Single Theater Booking. The movieid parameter is directly concatenated into SQL queries without sanitization. The latest version at the time of disclosure is affected [1].
Exploitation
An attacker must have access to the admin panel. By sending a crafted HTTP GET request to admin/movieview.php?movieid=, they can inject arbitrary SQL commands. No authentication is bypassed, but the attacker must be authenticated as admin to access the page [1].
Impact
Successful exploitation allows the attacker to extract database contents, including user credentials and other sensitive information. The impact is high as it can lead to full compromise of the application's data [1].
Mitigation
No official patch has been released. Users should avoid using this software or implement input validation and parameterized queries as a workaround. The vendor's status is unknown [1].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.mdnvdExploitIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.