CVE-2018-5077

Name of the Vulnerable Software and Affected Versions Online Ticket Booking (affected versions not specified)

Description The issue is related to a security problem where an attacker can inject malicious code. This is possible due to the lack of proper input validation in the moviename parameter of the "admin/movieedit.php" API endpoint.

Recommendations As a temporary workaround, consider restricting access to the moviename parameter in the "admin/movieedit.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.