Vulnerabilities (CVE)

Filtered by vendor Kashipara Subscribe

Filtered by product Travel Website

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-50867	1 Kashipara	1 Travel Website	2024-11-21	N/A	9.8 CRITICAL
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50866	1 Kashipara	1 Travel Website	2024-11-21	N/A	9.8 CRITICAL
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50865	1 Kashipara	1 Travel Website	2024-11-21	N/A	9.8 CRITICAL
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50864	1 Kashipara	1 Travel Website	2024-11-21	N/A	9.8 CRITICAL
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50863	1 Kashipara	1 Travel Website	2024-11-21	N/A	9.8 CRITICAL
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50862	1 Kashipara	1 Travel Website	2024-11-21	N/A	9.8 CRITICAL
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.