Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/barenboim/ | Exploit Third Party Advisory |
https://projectworlds.in/ | Product |
https://fluidattacks.com/advisories/barenboim/ | Exploit Third Party Advisory |
https://projectworlds.in/ | Product |
Configurations
History
21 Nov 2024, 08:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://fluidattacks.com/advisories/barenboim/ - Exploit, Third Party Advisory | |
References | () https://projectworlds.in/ - Product |
29 Dec 2023, 14:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:projectworlds:railway_reservation_system:1.0:*:*:*:*:*:*:* | |
References | () https://projectworlds.in/ - Product | |
References | () https://fluidattacks.com/advisories/barenboim/ - Exploit, Third Party Advisory | |
First Time |
Projectworlds railway Reservation System
Projectworlds |
21 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-21 21:15
Updated : 2024-11-21 08:32
NVD link : CVE-2023-48685
Mitre link : CVE-2023-48685
CVE.ORG link : CVE-2023-48685
JSON object : View
Products Affected
projectworlds
- railway_reservation_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')