Projectworlds: >> Online Movie Ticket Booking System >> 1.0 Security Vulnerabilities
The 'search' parameter of the process_search.php resource
does not validate the characters received and they
are sent unfiltered to the database.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-28
The 'Email' parameter of the process_login.php resource
does not validate the characters received and they
are sent unfiltered to the database.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-28
The 'age' parameter of the process_registration.php resource
does not validate the characters received and they
are sent unfiltered to the database.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-28
Online Movie Ticket Booking System v1.0 is vulnerable to
an authenticated Stored Cross-Site Scripting vulnerability.
CVSS Score
6.4
EPSS Score
0.001
Published
2023-09-28
Online Movie Ticket Booking System v1.0 is vulnerable to
an authenticated Reflected Cross-Site Scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-28
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-02-03