PT-2022-12249 · Unknown · Online Movie Ticket Booking System
0Xkami · Published 2022-02-03 · Updated 2022-02-09
CVE-2021-44866
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Online-Movie-Ticket-Booking-System version 1.0
Description
The issue concerns a lack of input validation on the id parameter in the about.php file. This allows an attacker to append SQL queries to the input, potentially extracting sensitive information from the database.
Recommendations
For Online-Movie-Ticket-Booking-System version 1.0, consider validating the id parameter in the about.php file to prevent SQL injection attacks. As a temporary workaround, restrict access to the about.php file until a proper fix is implemented.
Exploit
Fix
SQL injection
Affected Products
Online Movie Ticket Booking System
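The validation recommended above for the id parameter, as an added example that is not code from the Online-Movie-Ticket-Booking-System project: it accepts only a canonical positive integer and binds it as a typed parameter instead of concatenating it into the query. The `movies` table, its columns, the `parse_id` and `find_movie` names, and the in-memory SQLite database (used via PDO so the script runs offline on PHP 8 with pdo_sqlite) are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: table, column and function names are hypothetical, and an
// in-memory SQLite database stands in for the application's real database.

/** Accept only a canonical positive 32-bit integer; return null otherwise. */
function parse_id(mixed $raw): ?int
{
    // Arrays (?id[]=1), signs, whitespace, exponents and trailing SQL all fail here.
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,9}\z/', $raw) !== 1) {
        return null;
    }
    $id = (int) $raw;
    return $id <= 2147483647 ? $id : null;
}

/** Look up one row with the id bound as a typed parameter, never concatenated. */
function find_movie(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM movies WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO movies (id, title) VALUES (1, 'Sample Movie')");

// Constructed inputs, as they would arrive in $_GET['id'].
$inputs = ['1', '2', '1 OR 1=1', "1'", '-1', '1e3', ' 1', '99999999999', ['1']];
foreach ($inputs as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        $outcome = 'rejected (respond with HTTP 400)';
    } else {
        $row = find_movie($db, $id);
        $outcome = $row === null ? 'valid id, no such row (404)' : 'found: ' . $row['title'];
    }
    printf("%-16s => %s\n", json_encode($raw), $outcome);
}
```

The strict pattern is used rather than `is_numeric()` because the latter accepts forms such as `1e3` and leading whitespace; the bound parameter remains the actual injection defence even if the validation is later loosened.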