Search

Find a vulnerability

Search criteria

    6 vulnerabilities by online_catering_reservation_system_project

    CVE-2023-1100 (GCVE-0-2023-1100)

    Vulnerability from nvd – Published: 2023-02-28 20:07 – Updated: 2024-08-02 05:32
    VLAI
    Title
    SourceCodester Online Catering Reservation System POST Parameter add_message.php sql injection
    Summary
    A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.222003 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.222003 signaturepermissions-required
    https://github.com/jackswordsz/bug_report/blob/ma… exploit
    Impacted products
    Credits
    jackswordsz (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:46.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.222003"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.222003"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/jackswordsz/bug_report/blob/main/vendors/emoblazz/Online%20Catering%20Reservation%20System/SQLi-1.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "POST Parameter Handler"
              ],
              "product": "Online Catering Reservation System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "jackswordsz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in SourceCodester Online Catering Reservation System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /reservation/add_message.php der Komponente POST Parameter Handler. Dank Manipulation des Arguments fullname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-21T07:13:42.337Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.222003"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.222003"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/jackswordsz/bug_report/blob/main/vendors/emoblazz/Online%20Catering%20Reservation%20System/SQLi-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-02-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-02-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-02-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-03-26T13:28:06.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Catering Reservation System POST Parameter add_message.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1100",
        "datePublished": "2023-02-28T20:07:24.304Z",
        "dateReserved": "2023-02-28T20:06:09.978Z",
        "dateUpdated": "2024-08-02T05:32:46.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38758 (GCVE-0-2021-38758)

    Vulnerability from nvd – Published: 2021-08-16 13:54 – Updated: 2024-08-04 01:51
    VLAI
    Summary
    Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:20.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/dumpling-soup/Online-Catering-Reservation-DT/blob/main/README.md"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38758"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/Online-Catering-Reservation-DT-Food-Catering"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-38758/README.MD"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://attackerkb.com/topics/XuEb81tsid/online-catering-reservation-dt-food-catering-by-oretnom23-v1-0-sql-injection---login"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-31T11:54:53.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dumpling-soup/Online-Catering-Reservation-DT/blob/main/README.md"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38758"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/Online-Catering-Reservation-DT-Food-Catering"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-38758/README.MD"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://attackerkb.com/topics/XuEb81tsid/online-catering-reservation-dt-food-catering-by-oretnom23-v1-0-sql-injection---login"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-38758",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/dumpling-soup/Online-Catering-Reservation-DT/blob/main/README.md",
                  "refsource": "MISC",
                  "url": "https://github.com/dumpling-soup/Online-Catering-Reservation-DT/blob/main/README.md"
                },
                {
                  "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38758",
                  "refsource": "MISC",
                  "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38758"
                },
                {
                  "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/Online-Catering-Reservation-DT-Food-Catering",
                  "refsource": "MISC",
                  "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/Online-Catering-Reservation-DT-Food-Catering"
                },
                {
                  "name": "https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-38758/README.MD",
                  "refsource": "MISC",
                  "url": "https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-38758/README.MD"
                },
                {
                  "name": "https://attackerkb.com/topics/XuEb81tsid/online-catering-reservation-dt-food-catering-by-oretnom23-v1-0-sql-injection---login",
                  "refsource": "MISC",
                  "url": "https://attackerkb.com/topics/XuEb81tsid/online-catering-reservation-dt-food-catering-by-oretnom23-v1-0-sql-injection---login"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-38758",
        "datePublished": "2021-08-16T13:54:03.000Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:51:20.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38752 (GCVE-0-2021-38752)

    Vulnerability from nvd – Published: 2021-08-16 13:53 – Updated: 2024-08-04 01:51
    VLAI
    Summary
    A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:20.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/dumpling-soup/Online-Catering-Reservation/blob/main/README.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-16T13:53:26.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dumpling-soup/Online-Catering-Reservation/blob/main/README.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-38752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/dumpling-soup/Online-Catering-Reservation/blob/main/README.md",
                  "refsource": "MISC",
                  "url": "https://github.com/dumpling-soup/Online-Catering-Reservation/blob/main/README.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-38752",
        "datePublished": "2021-08-16T13:53:26.000Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:51:20.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1100 (GCVE-0-2023-1100)

    Vulnerability from cvelistv5 – Published: 2023-02-28 20:07 – Updated: 2024-08-02 05:32
    VLAI
    Title
    SourceCodester Online Catering Reservation System POST Parameter add_message.php sql injection
    Summary
    A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.222003 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.222003 signaturepermissions-required
    https://github.com/jackswordsz/bug_report/blob/ma… exploit
    Impacted products
    Credits
    jackswordsz (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:46.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.222003"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.222003"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/jackswordsz/bug_report/blob/main/vendors/emoblazz/Online%20Catering%20Reservation%20System/SQLi-1.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "POST Parameter Handler"
              ],
              "product": "Online Catering Reservation System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "jackswordsz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in SourceCodester Online Catering Reservation System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /reservation/add_message.php der Komponente POST Parameter Handler. Dank Manipulation des Arguments fullname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-21T07:13:42.337Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.222003"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.222003"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/jackswordsz/bug_report/blob/main/vendors/emoblazz/Online%20Catering%20Reservation%20System/SQLi-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-02-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-02-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-02-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-03-26T13:28:06.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Catering Reservation System POST Parameter add_message.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1100",
        "datePublished": "2023-02-28T20:07:24.304Z",
        "dateReserved": "2023-02-28T20:06:09.978Z",
        "dateUpdated": "2024-08-02T05:32:46.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38758 (GCVE-0-2021-38758)

    Vulnerability from cvelistv5 – Published: 2021-08-16 13:54 – Updated: 2024-08-04 01:51
    VLAI
    Summary
    Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:20.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/dumpling-soup/Online-Catering-Reservation-DT/blob/main/README.md"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38758"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/Online-Catering-Reservation-DT-Food-Catering"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-38758/README.MD"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://attackerkb.com/topics/XuEb81tsid/online-catering-reservation-dt-food-catering-by-oretnom23-v1-0-sql-injection---login"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-31T11:54:53.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dumpling-soup/Online-Catering-Reservation-DT/blob/main/README.md"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38758"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/Online-Catering-Reservation-DT-Food-Catering"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-38758/README.MD"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://attackerkb.com/topics/XuEb81tsid/online-catering-reservation-dt-food-catering-by-oretnom23-v1-0-sql-injection---login"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-38758",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/dumpling-soup/Online-Catering-Reservation-DT/blob/main/README.md",
                  "refsource": "MISC",
                  "url": "https://github.com/dumpling-soup/Online-Catering-Reservation-DT/blob/main/README.md"
                },
                {
                  "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38758",
                  "refsource": "MISC",
                  "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38758"
                },
                {
                  "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/Online-Catering-Reservation-DT-Food-Catering",
                  "refsource": "MISC",
                  "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/Online-Catering-Reservation-DT-Food-Catering"
                },
                {
                  "name": "https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-38758/README.MD",
                  "refsource": "MISC",
                  "url": "https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-38758/README.MD"
                },
                {
                  "name": "https://attackerkb.com/topics/XuEb81tsid/online-catering-reservation-dt-food-catering-by-oretnom23-v1-0-sql-injection---login",
                  "refsource": "MISC",
                  "url": "https://attackerkb.com/topics/XuEb81tsid/online-catering-reservation-dt-food-catering-by-oretnom23-v1-0-sql-injection---login"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-38758",
        "datePublished": "2021-08-16T13:54:03.000Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:51:20.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38752 (GCVE-0-2021-38752)

    Vulnerability from cvelistv5 – Published: 2021-08-16 13:53 – Updated: 2024-08-04 01:51
    VLAI
    Summary
    A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:20.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/dumpling-soup/Online-Catering-Reservation/blob/main/README.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-16T13:53:26.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dumpling-soup/Online-Catering-Reservation/blob/main/README.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-38752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/dumpling-soup/Online-Catering-Reservation/blob/main/README.md",
                  "refsource": "MISC",
                  "url": "https://github.com/dumpling-soup/Online-Catering-Reservation/blob/main/README.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-38752",
        "datePublished": "2021-08-16T13:53:26.000Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:51:20.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }