PT-2024-30135 · Unknown · Kashipara Bus Ticket Reservation System
Published: 2024-08-23 · Updated: 2024-08-27 · CVE-2024-42765
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Kashipara Bus Ticket Reservation System version 1.0
Description
A SQL injection vulnerability in the "/login.php" page of the Kashipara Bus Ticket Reservation System allows remote attackers to execute arbitrary SQL commands and bypass login via the email or password parameters. This issue enables attackers to access the system without proper authentication.
Recommendations
For Kashipara Bus Ticket Reservation System version 1.0, upgrade to version 1.1 to mitigate the risks associated with this issue. As a temporary workaround, consider restricting access to the "/login.php" page until the upgrade is applied. Avoid using the email and password parameters in the login page until the issue is resolved.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Kashipara Bus Ticket Reservation System