CVE-2023-45018

Name of the Vulnerable Software and Affected Versions Online Bus Booking System version 1.0

Description The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the username parameter of the "includes/login.php" resource does not validate the characters received, sending them unfiltered to the database. This allows for potential exploitation without the need for authentication.

Recommendations For Online Bus Booking System version 1.0, consider temporarily disabling the login functionality that utilizes the username parameter in the includes/login.php resource until a patch is available. Restrict access to the includes/login.php resource to minimize the risk of exploitation. Avoid using the username parameter in the affected login functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.