← Back

Travel Website

travel_website

Vendor: Kashipara • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-50867
1Kashipara
1Travel Website
Nov 21, 2024
Jan 4, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltere...Show more
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. Show less
CVE-2023-50866
1Kashipara
1Travel Website
Nov 21, 2024
Jan 4, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered...Show more
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. Show less
CVE-2023-50865
1Kashipara
1Travel Website
Nov 21, 2024
Jan 4, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to...Show more
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. Show less
CVE-2023-50864
1Kashipara
1Travel Website
Nov 21, 2024
Jan 4, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered...Show more
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. Show less
CVE-2023-50863
1Kashipara
1Travel Website
Nov 21, 2024
Jan 4, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent u...Show more
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. Show less
CVE-2023-50862
1Kashipara
1Travel Website
Nov 21, 2024
Jan 4, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltere...Show more
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. Show less