Kjayvik: Security Vulnerabilities
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.
CVSS Score
9.4
EPSS Score
0.001
Published
2024-08-23
A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-08-23
Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-08-23
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-22
A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-08-22
A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-08-22