Online Movie Theater Seat Reservation System
Monthly
CVE-2025-7547 is a critical unrestricted file upload vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the save_movie function in /admin/admin_class.php. An unauthenticated remote attacker can manipulate the 'cover' parameter to upload arbitrary files, potentially leading to remote code execution, data compromise, and service disruption. The exploit has been publicly disclosed and may be actively exploited in the wild.
CVE-2025-7457 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the /admin/manage_movie.php file's ID parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially compromising database confidentiality, integrity, and availability. Public disclosure and exploit availability elevate the risk profile significantly.
CVE-2025-7456 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the /reserve.php file's ID parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the reservation database. Public exploit code is available, indicating active disclosure risk.
CVE-2025-7455 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, specifically in the /manage_reserve.php file's 'mid' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or service disruption. Public exploit disclosure and active exploitation potential significantly increase real-world risk despite the moderate CVSS 7.3 score.
CVE-2025-7454 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, specifically in the /admin/manage_theater.php file where the ID parameter is not properly sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the theater reservation database. The exploit has been publicly disclosed and is actively exploitable with no authentication required.
CVE-2025-7547 is a critical unrestricted file upload vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the save_movie function in /admin/admin_class.php. An unauthenticated remote attacker can manipulate the 'cover' parameter to upload arbitrary files, potentially leading to remote code execution, data compromise, and service disruption. The exploit has been publicly disclosed and may be actively exploited in the wild.
CVE-2025-7457 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the /admin/manage_movie.php file's ID parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially compromising database confidentiality, integrity, and availability. Public disclosure and exploit availability elevate the risk profile significantly.
CVE-2025-7456 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the /reserve.php file's ID parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the reservation database. Public exploit code is available, indicating active disclosure risk.
CVE-2025-7455 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, specifically in the /manage_reserve.php file's 'mid' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or service disruption. Public exploit disclosure and active exploitation potential significantly increase real-world risk despite the moderate CVSS 7.3 score.
CVE-2025-7454 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, specifically in the /admin/manage_theater.php file where the ID parameter is not properly sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the theater reservation database. The exploit has been publicly disclosed and is actively exploitable with no authentication required.