PT-2023-29356 · Unknown · Online Bus Booking System

Andres Roldan · Published 2023-11-02 · Updated 2023-11-08 · CVE-2023-45015

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Online Bus Booking System version 1.0

Description
The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the date parameter of the "bus info.php" resource does not validate the characters received, and they are sent unfiltered to the database. This lack of validation allows for potential SQL injection attacks.

Recommendations
For Online Bus Booking System version 1.0, consider validating and filtering the date parameter in the "bus info.php" resource to prevent SQL injection attacks. As a temporary workaround, restrict access to the "bus info.php" resource until a proper fix is implemented.
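
One way to apply the recommended validation of the date parameter, as an added example that is not the application's own code. It also binds the value as a query parameter, a measure the advisory does not mention. The table name, column names and function names are hypothetical, and the demo assumes PHP 8 with the pdo_sqlite extension.

```php
<?php
// Added example, not code from Online Bus Booking System.
// bus_schedule, travel_date and both function names are hypothetical.
declare(strict_types=1);

/** Return the input unchanged if it is a real YYYY-MM-DD calendar date, else null. */
function parse_travel_date(mixed $raw): ?string
{
    // Rejects arrays (date[]=...) and any character outside the strict pattern.
    if (!is_string($raw) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects overflow dates such as 2023-02-31.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

/** Look up buses for a date; the value is bound, never concatenated into SQL. */
function find_buses(PDO $db, string $date): array
{
    $stmt = $db->prepare('SELECT id, route FROM bus_schedule WHERE travel_date = :d');
    $stmt->execute([':d' => $date]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bus_schedule (id INTEGER PRIMARY KEY, route TEXT, travel_date TEXT)');
$db->exec("INSERT INTO bus_schedule (route, travel_date)
           VALUES ('A-B', '2023-11-02'), ('B-C', '2023-11-03')");

// Constructed inputs: a valid date, an impossible date, stray characters, an array.
$inputs = ['2023-11-02', '2023-02-31', "2023-11-02'x", ['2023-11-02']];
foreach ($inputs as $raw) {
    $date = parse_travel_date($raw);
    if ($date === null) {
        echo 'rejected: ', json_encode($raw), PHP_EOL;
        continue;
    }
    echo $date, ': ', count(find_buses($db, $date)), ' row(s)', PHP_EOL;
}
```

Validation keeps malformed input from reaching the database at all, and the bound parameter ensures the value is treated as data even if a validation rule is later loosened.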

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers
CVE-2023-45015

Affected Products
Online Bus Booking System