Filtered by vendor Kashipara Subscriptions
Filtered by product Travel Website Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-50865 1 Kashipara 1 Travel Website 2024-08-02 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50863 1 Kashipara 1 Travel Website 2024-08-02 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50867 1 Kashipara 1 Travel Website 2024-08-02 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50866 1 Kashipara 1 Travel Website 2024-08-02 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50862 1 Kashipara 1 Travel Website 2024-08-02 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50864 1 Kashipara 1 Travel Website 2024-08-02 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.