Skip to main content

Online Banquet Booking System CVE-2022-28992

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2022-05-20 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 20, 2022 - 13:15 nvd
HIGH 8.8

DescriptionNVD

A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.

AnalysisAI

A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. Affected products include: Phpgurukul Online Banquet Booking System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2025-45947 CRITICAL POC
9.8 Apr 28

An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/cha

CVE-2025-2382 MEDIUM POC
6.9 Mar 17

A vulnerability classified as critical was found in PHPGurukul Online Banquet Booking System 1.0. Rated medium severity

CVE-2025-2608 MEDIUM POC
5.3 Mar 21

A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. Rated medium severity (C

CVE-2025-7925 LOW POC
2.1 Jul 21

Stored or reflected cross-site scripting (XSS) vulnerability in PHPGurukul Online Banquet Booking System 1.0 allows remo

CVE-2025-7927 LOW POC
2.1 Jul 21

SQL injection in PHPGurukul Online Banquet Booking System 1.0 allows authenticated remote attackers to manipulate the vi

CVE-2023-5305 MEDIUM
6.1 Sep 30

A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Rated medium severity (CVS

CVE-2023-5304 MEDIUM
6.1 Sep 30

A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Rated medium severity

CVE-2023-5303 MEDIUM
6.1 Sep 30

A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Rated medium sever

CVE-2025-7926 LOW POC
2.0 Jul 21

Stored cross-site scripting (XSS) in PHPGurukul Online Banquet Booking System 1.0 allows authenticated remote attackers

CVE-2025-7924 LOW POC
2.0 Jul 21

Reflected cross-site scripting (XSS) in PHPGurukul Online Banquet Booking System 1.0 allows authenticated remote attacke

Share

CVE-2022-28992 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy