Online Product Reservation System
Monthly
SQL injection in the Online Product Reservation System 1.0 user registration handler allows remote attackers to manipulate multiple input fields (name, address, contact details, email, username) without authentication to execute arbitrary database queries. Public exploit code exists for this vulnerability, increasing active exploitation risk. No patch is currently available for affected PHP-based installations.
SQL injection in the cart update handler of Online Product Reservation System 1.0 allows authenticated attackers to manipulate product ID and quantity parameters, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, affecting systems running the vulnerable PHP application.
SQL injection in the Online Product Reservation System 1.0 checkout delete function allows authenticated attackers to manipulate POST parameters and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk of data theft or manipulation.
Online Product Reservation System versions up to 1.0 is affected by improper authentication (CVSS 7.3).
Online Product Reservation System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).
SQL injection in the Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate the transaction_id parameter in /order_view.php and execute arbitrary database queries. Public exploit code is available for this vulnerability, and no patch is currently available. The flaw enables attackers to read, modify, or delete sensitive data with network access only.
SQL injection in the Online Product Reservation System 1.0 via the ID parameter in app/products/left_cart.php allows authenticated attackers to read, modify, or delete database contents remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this software.
SQL injection in the User Login component of Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate the emailadd parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, enabling attackers to potentially extract sensitive data or modify database contents. No patch is currently available to address this issue.
SQL injection in the Online Product Reservation System 1.0 POST parameter handler allows unauthenticated remote attackers to manipulate product attributes like ID, name, and price to execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data theft, modification, and service disruption.
SQL injection in the Online Product Reservation System 1.0 administrator delete function allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this product.
Online Product Reservation System versions up to 1.0 is affected by improper access control (CVSS 6.3).
SQL injection in the Online Product Reservation System 1.0 parameter handler allows unauthenticated remote attackers to manipulate cat/price/name/model/serial arguments and execute arbitrary SQL queries with public exploit code available. The vulnerability affects the /handgunner-administrator/prod.php endpoint and enables attackers to read, modify, or delete database contents without authentication. No patch is currently available for this high-severity flaw.
SQL injection in the administrator login component of code-projects Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate emailadd and pass parameters in /handgunner-administrator/adminlogin.php, enabling data exfiltration and modification. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in the Online Product Reservation System 1.0 user registration handler allows remote attackers to manipulate multiple input fields (name, address, contact details, email, username) without authentication to execute arbitrary database queries. Public exploit code exists for this vulnerability, increasing active exploitation risk. No patch is currently available for affected PHP-based installations.
SQL injection in the cart update handler of Online Product Reservation System 1.0 allows authenticated attackers to manipulate product ID and quantity parameters, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, affecting systems running the vulnerable PHP application.
SQL injection in the Online Product Reservation System 1.0 checkout delete function allows authenticated attackers to manipulate POST parameters and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk of data theft or manipulation.
Online Product Reservation System versions up to 1.0 is affected by improper authentication (CVSS 7.3).
Online Product Reservation System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).
SQL injection in the Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate the transaction_id parameter in /order_view.php and execute arbitrary database queries. Public exploit code is available for this vulnerability, and no patch is currently available. The flaw enables attackers to read, modify, or delete sensitive data with network access only.
SQL injection in the Online Product Reservation System 1.0 via the ID parameter in app/products/left_cart.php allows authenticated attackers to read, modify, or delete database contents remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this software.
SQL injection in the User Login component of Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate the emailadd parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, enabling attackers to potentially extract sensitive data or modify database contents. No patch is currently available to address this issue.
SQL injection in the Online Product Reservation System 1.0 POST parameter handler allows unauthenticated remote attackers to manipulate product attributes like ID, name, and price to execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data theft, modification, and service disruption.
SQL injection in the Online Product Reservation System 1.0 administrator delete function allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this product.
Online Product Reservation System versions up to 1.0 is affected by improper access control (CVSS 6.3).
SQL injection in the Online Product Reservation System 1.0 parameter handler allows unauthenticated remote attackers to manipulate cat/price/name/model/serial arguments and execute arbitrary SQL queries with public exploit code available. The vulnerability affects the /handgunner-administrator/prod.php endpoint and enables attackers to read, modify, or delete database contents without authentication. No patch is currently available for this high-severity flaw.
SQL injection in the administrator login component of code-projects Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate emailadd and pass parameters in /handgunner-administrator/adminlogin.php, enabling data exfiltration and modification. Public exploit code exists for this vulnerability, and no patch is currently available.