Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/evans/ | Exploit Third Party Advisory |
https://www.kashipara.com/ | Product |
https://fluidattacks.com/advisories/evans/ | Exploit Third Party Advisory |
https://www.kashipara.com/ | Product |
Configurations
History
21 Nov 2024, 08:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://fluidattacks.com/advisories/evans/ - Exploit, Third Party Advisory | |
References | () https://www.kashipara.com/ - Product |
10 Jan 2024, 01:12
Type | Values Removed | Values Added |
---|---|---|
First Time |
Kashipara
Kashipara travel Website |
|
CPE | cpe:2.3:a:kashipara:travel_website:1.0:*:*:*:*:*:*:* | |
References | () https://fluidattacks.com/advisories/evans/ - Exploit, Third Party Advisory | |
References | () https://www.kashipara.com/ - Product |
04 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-04 15:15
Updated : 2024-11-21 08:37
NVD link : CVE-2023-50863
Mitre link : CVE-2023-50863
CVE.ORG link : CVE-2023-50863
JSON object : View
Products Affected
kashipara
- travel_website
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')