Online Movie Ticket Booking System
by Codeastro
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7133 | Med | 0.28 | 4.3 | 0.00 | Jul 7, 2025 | A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the… | ||
| CVE-2025-25776 | 0.00 | — | 0.00 | Apr 28, 2025 | Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing. | |||
| CVE-2025-25775 | 0.00 | — | 0.00 | Apr 25, 2025 | Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder. | |||
| CVE-2025-25777 | 0.00 | — | 0.00 | Apr 24, 2025 | Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks. | |||
| CVE-2023-44174 | 0.00 | — | 0.00 | Sep 28, 2023 | Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. | |||
| CVE-2021-44866 | 0.00 | — | 0.01 | Feb 3, 2022 | An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database. |
- risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the…
- CVE-2025-25776Apr 28, 2025risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing.
- CVE-2025-25775Apr 25, 2025risk 0.00cvss —epss 0.00
Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.
- CVE-2025-25777Apr 24, 2025risk 0.00cvss —epss 0.00
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.
- CVE-2023-44174Sep 28, 2023risk 0.00cvss —epss 0.00
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability.
- CVE-2021-44866Feb 3, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.