Show filters
475 Total Results
Displaying 11-20 of 475
Sort by:
Attacker Value
Unknown
CVE-2025-1962
Disclosure Date: March 05, 2025 (last updated March 06, 2025)
A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been classified as critical. This affects an unknown part of the file /admin/addroom.php. The manipulation of the argument roomname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
0
Attacker Value
Unknown
CVE-2025-1952
Disclosure Date: March 04, 2025 (last updated March 05, 2025)
A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/password-recovery.php. The manipulation of the argument username/mobileno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
0
Attacker Value
Unknown
CVE-2025-1906
Disclosure Date: March 04, 2025 (last updated March 05, 2025)
A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
0
Attacker Value
Unknown
CVE-2025-1901
Disclosure Date: March 04, 2025 (last updated March 07, 2025)
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/check_availability.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
0
Attacker Value
Unknown
CVE-2025-1900
Disclosure Date: March 04, 2025 (last updated March 07, 2025)
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /add-table.php. The manipulation of the argument tableno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
0
Attacker Value
Unknown
CVE-2025-1894
Disclosure Date: March 04, 2025 (last updated March 06, 2025)
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
0
Attacker Value
Unknown
CVE-2025-27264
Disclosure Date: March 03, 2025 (last updated March 04, 2025)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Doctor Appointment Booking allows PHP Local File Inclusion. This issue affects Doctor Appointment Booking: from n/a through 1.0.0.
0
Attacker Value
Unknown
CVE-2025-27263
Disclosure Date: March 03, 2025 (last updated March 04, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Doctor Appointment Booking allows SQL Injection. This issue affects Doctor Appointment Booking: from n/a through 1.0.0.
0
Attacker Value
Unknown
CVE-2024-13746
Disclosure Date: March 01, 2025 (last updated March 01, 2025)
The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and including, 4.0.3. This makes it possible for unauthenticated attackers to extract data, create or update bookings, or delete arbitrary posts.
0
Attacker Value
Unknown
CVE-2024-12811
Disclosure Date: February 28, 2025 (last updated February 28, 2025)
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_slider' shortcode 'style' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
0