Online Banquet Booking System
SQL injection in PHPGurukul Online Banquet Booking System 1.0 allows authenticated remote attackers to manipulate the viewid parameter in /admin/view-user-queries.php, enabling database query manipulation with limited confidentiality and integrity impact. Despite a critical severity classification in the original report, the CVSS 4.0 score of 2.1 reflects low real-world risk due to required authentication and restricted impact scope. Public exploit code is available, but the low EPSS score (0.08th percentile) indicates minimal likelihood of widespread exploitation.
Stored cross-site scripting (XSS) in PHPGurukul Online Banquet Booking System 1.0 allows authenticated remote attackers to inject malicious scripts via the searchdata parameter in /admin/booking-search.php, which are then reflected to other users viewing search results. The vulnerability requires user interaction (clicking a malicious link) and authenticated access to the admin panel, resulting in session hijacking or credential theft. Publicly available exploit code exists, though the EPSS score of 0.07% (percentile 21%) and low CVSS score of 2.0 suggest limited real-world exploitation likelihood due to the authentication and user interaction requirements.
Stored or reflected cross-site scripting (XSS) vulnerability in PHPGurukul Online Banquet Booking System 1.0 allows remote attackers to inject malicious scripts via the user_login or userpassword parameters in /admin/login.php. User interaction is required for exploitation. Publicly available exploit code exists, and the EPSS score of 0.10% indicates low real-world exploitation probability despite public disclosure.
Reflected cross-site scripting (XSS) in PHPGurukul Online Banquet Booking System 1.0 allows authenticated remote attackers to inject malicious scripts via the adminname parameter in /admin/admin-profile.php. The vulnerability requires user interaction (UI:P) to trigger payload execution but carries public exploit code, making it readily weaponizable despite the low CVSS score of 2.0 and minimal EPSS probability (0.07%).
An issue in PHPGurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available, and no vendor patch is available.
A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available, and no vendor patch is available.
A vulnerability classified as critical was found in PHPGurukul Online Banquet Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available, and no vendor patch is available.