Search
Search Results (18 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-51567 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2026-01-16 | 9.1 Critical |
| A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request. | ||||
| CVE-2023-49269 | 1 Jayesh | 1 Hotel Management System | 2026-01-06 | 5.4 Medium |
| Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | ||||
| CVE-2023-49270 | 1 Jayesh | 1 Hotel Management System | 2026-01-06 | 5.4 Medium |
| Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | ||||
| CVE-2023-49271 | 1 Jayesh | 1 Hotel Management System | 2026-01-06 | 5.4 Medium |
| Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | ||||
| CVE-2023-49272 | 1 Jayesh | 1 Hotel Management System | 2025-12-05 | 5.4 Medium |
| Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | ||||
| CVE-2024-40479 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2025-11-19 | 8.1 High |
| A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. | ||||
| CVE-2024-42768 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management | 2025-04-30 | 6.8 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. | ||||
| CVE-2024-42769 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 6.1 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters. | ||||
| CVE-2024-42770 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management | 2025-04-30 | 4.7 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. | ||||
| CVE-2024-42771 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 4.8 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. | ||||
| CVE-2024-42772 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. | ||||
| CVE-2024-42773 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 9.1 Critical |
| An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section. | ||||
| CVE-2024-42774 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | ||||
| CVE-2024-42775 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 9.1 Critical |
| An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. | ||||
| CVE-2024-42776 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.2 High |
| Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. | ||||
| CVE-2024-42767 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.2 High |
| Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | ||||
| CVE-2024-40480 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2025-03-14 | 9.8 Critical |
| A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. | ||||
| CVE-2024-40478 | 1 Jayesh | 1 Online Exam System | 2025-03-13 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields | ||||
Page 1 of 1.