Show filters
135 Total Results
Displaying 101-110 of 135
Sort by:
Attacker Value
Unknown

CVE-2020-29283

Disclosure Date: December 02, 2020 (last updated February 22, 2025)
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-25273

Disclosure Date: October 08, 2020 (last updated February 22, 2025)
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-25272

Disclosure Date: October 08, 2020 (last updated February 22, 2025)
In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-23984

Disclosure Date: August 27, 2020 (last updated February 22, 2025)
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-15536

Disclosure Date: July 05, 2020 (last updated February 21, 2025)
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-15774

Disclosure Date: August 29, 2019 (last updated November 27, 2024)
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
0
0
Attacker Value
Unknown

CVE-2019-7554

Disclosure Date: June 06, 2019 (last updated November 27, 2024)
An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter.
0
0
Attacker Value
Unknown

CVE-2018-20556

Disclosure Date: March 21, 2019 (last updated November 27, 2024)
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter.
0
0
Attacker Value
Unknown

CVE-2019-9064

Disclosure Date: February 23, 2019 (last updated November 27, 2024)
PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file.
0
0
Attacker Value
Unknown

CVE-2019-9066

Disclosure Date: February 23, 2019 (last updated November 27, 2024)
PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile.
0
0
View More Topics  < Previous  Next >