Phpgurukul: >> Bus Pass Management System >> 1.0 Security Vulnerabilities
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-09-30
Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php..
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-30
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-22
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-05-11
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-12-16
In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-16