Online Bus Booking System
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-45019 | 0.00 | — | 0.01 | Nov 2, 2023 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-45018 | 0.00 | — | 0.01 | Nov 2, 2023 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-45015 | 0.00 | — | 0.01 | Nov 2, 2023 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2020-25273 | 0.00 | — | 0.02 | Oct 8, 2020 | In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. | |||
| CVE-2020-25272 | 0.00 | — | 0.01 | Oct 8, 2020 | In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. |
- CVE-2023-45019Nov 2, 2023risk 0.00cvss —epss 0.01
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database.
- CVE-2023-45018Nov 2, 2023risk 0.00cvss —epss 0.01
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database.
- CVE-2023-45015Nov 2, 2023risk 0.00cvss —epss 0.01
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.
- CVE-2020-25273Oct 8, 2020risk 0.00cvss —epss 0.02
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.
- CVE-2020-25272Oct 8, 2020risk 0.00cvss —epss 0.01
In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php.