Overview
- Description
- Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
- Source
- help@fluidattacks.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- help@fluidattacks.com
- CWE-89
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kashipara:travel_website:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC3607D6-CEA1-435F-9039-52E09E7B362F"
}
],
"operator": "OR"
}
]
}
]