iResturant
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-45803 | 0.00 | — | 0.01 | Jan 25, 2022 | MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation. | |||
| CVE-2021-45802 | 0.00 | — | 0.01 | Jan 25, 2022 | MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration. | |||
| CVE-2021-43436 | 0.00 | — | 0.01 | Jan 12, 2022 | MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | |||
| CVE-2021-43438 | 0.00 | — | 0.01 | Dec 20, 2021 | Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field | |||
| CVE-2021-43439 | 0.00 | — | 0.03 | Dec 20, 2021 | RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely |
- CVE-2021-45803Jan 25, 2022risk 0.00cvss —epss 0.01
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation.
- CVE-2021-45802Jan 25, 2022risk 0.00cvss —epss 0.01
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.
- CVE-2021-43436Jan 12, 2022risk 0.00cvss —epss 0.01
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
- CVE-2021-43438Dec 20, 2021risk 0.00cvss —epss 0.01
Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field
- CVE-2021-43439Dec 20, 2021risk 0.00cvss —epss 0.03
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely