cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-51208,https://securityvulnerability.io/vulnerability/CVE-2024-51208,File Upload Vulnerability in Boat Booking System by Anuj Kumar,"The Boat Booking System developed by Anuj Kumar contains a security flaw within its image upload functionality. This vulnerability enables local attackers to upload arbitrary PHP scripts, potentially compromising the integrity of the server and executing unauthorized code. This could lead to serious security breaches, allowing attackers to manipulate or access sensitive information within the system. The vulnerability is particularly concerning as it does not impose sufficient validation checks on uploaded files, specifically the capabilities of the image upload mechanism, which can be exploited if not properly secured.",PHPgurukul,Boat Booking System,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-11-20T15:15:00.000Z,0
CVE-2024-10191,https://securityvulnerability.io/vulnerability/CVE-2024-10191,Remote Cross-Site Scripting (XSS) Vulnerability Discovered in PHPGurukul Boat Booking System 1.0,"A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",PHPgurukul,Boat Booking System,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-10-20T04:31:05.000Z,true,false,false,,2024-10-20T05:31:05.194Z,0
CVE-2024-10162,https://securityvulnerability.io/vulnerability/CVE-2024-10162,SQL Injection Vulnerability in PHPGurukul Boat Booking System,"A critical SQL injection vulnerability has been identified in the PHPGurukul Boat Booking System version 1.0, specifically within the '/admin/edit-subadmin.php' file, which manages the Edit Subdomain Details page. Malicious actors can exploit this vulnerability remotely by manipulating the input parameters, including 'sadminusername', 'fullname', 'emailid', and 'mobilenumber'. Though initial reports primarily highlight the parameter 'mobilenumber' as vulnerable, it is crucial to consider that other parameters may also lead to compromising the integrity of the database. Given that the exploit has been publicly disclosed, administrators are urged to assess their systems and implement necessary security measures to mitigate potential attacks.",PHPgurukul,Boat Booking System,7.2,HIGH,0.0007800000021234155,false,,false,false,true,2024-10-20T00:00:08.000Z,true,false,false,,2024-10-20T01:00:08.694Z,0
CVE-2024-10161,https://securityvulnerability.io/vulnerability/CVE-2024-10161,Unrestricted File Upload Vulnerability in PHPGurukul Boat Booking System,"The PHPGurukul Boat Booking System 1.0 contains a severe vulnerability in the Update Boat Image Page specifically tied to the change-image.php file. An attacker can manipulate the 'image' argument, leading to an unrestricted file upload, which poses significant security risks including potential remote code execution. This flaw can be exploited remotely, meaning that attackers do not need direct access to the affected server. With this vulnerability disclosed publicly, it’s essential for users to assess their configurations and apply necessary patches or upgrades promptly to mitigate the risks.",PHPgurukul,Boat Booking System,8.8,HIGH,0.0006300000241026282,false,,false,false,true,2024-10-19T23:31:05.000Z,true,false,false,,2024-10-20T00:31:05.138Z,0
CVE-2024-10159,https://securityvulnerability.io/vulnerability/CVE-2024-10159,SQL Injection Vulnerability in PHPGurukul Boat Booking System My Profile Page,"The PHPGurukul Boat Booking System version 1.0 has a serious SQL injection vulnerability present in the My Profile Page component, specifically within the /admin/profile.php file. Attackers can exploit this weakness by manipulating input fields such as sadminusername, fullname, emailid, and mobilenumber, allowing unauthorized access to sensitive information. Although initial reports highlight the mobilenumber parameter, it is imperative to acknowledge that other parameters are also susceptible to injection attacks. This vulnerability can be exploited remotely, which significantly amplifies the risk to users and administrators alike. It is essential for users of the affected version to immediately assess their security posture and apply necessary patches or mitigations.",PHPgurukul,Boat Booking System,7.2,HIGH,0.0020600000862032175,false,,false,false,true,2024-10-19T23:15:00.000Z,true,false,false,,2024-10-20T00:15:00.000Z,0
CVE-2024-10160,https://securityvulnerability.io/vulnerability/CVE-2024-10160,SQL Injection Flaw in PHPGurukul Boat Booking System,"A serious security vulnerability has been discovered in PHPGurukul's Boat Booking System version 1.0, specifically within the BW Dates Report Page /admin/bwdates-report-details.php. This issue allows remote attackers to exploit SQL injection by manipulating the 'fdate' and 'tdate' parameters. While the initial research solely pointed to 'fdate' as the affected parameter, it is prudent to infer that 'tdate' is also vulnerable. Due to its remote exploitability, this vulnerability poses significant risks to the integrity and security of the application's database. Users and administrators are strongly advised to take immediate action to secure their systems against this threat.",PHPgurukul,Boat Booking System,8.8,HIGH,0.00171999994199723,false,,false,false,true,2024-10-19T23:15:00.000Z,true,false,false,,2024-10-20T00:15:00.000Z,0
CVE-2024-10158,https://securityvulnerability.io/vulnerability/CVE-2024-10158,Remote Session Fixation Vulnerability Discovered in PHPGurukul Boat Booking System,"A vulnerability has been identified in PHPGurukul's Boat Booking System version 1.0, specifically affecting the session_start function. This flaw allows an attacker to manipulate user session IDs, leading to potential session fixation attacks. Such an attack could enable unauthorized access to user accounts, compromising sensitive information. The exploit has been publicly disclosed, indicating that attackers might actively use this vulnerability to exploit systems that have not been patched.",PHPgurukul,Boat Booking System,8.8,HIGH,0.0015200000489130616,false,,false,false,true,2024-10-19T22:00:07.000Z,true,false,false,,2024-10-19T23:00:07.132Z,0
CVE-2024-10157,https://securityvulnerability.io/vulnerability/CVE-2024-10157,SQL Injection Vulnerability in PHPGurukul Boat Booking System,"A critical SQL injection vulnerability has been identified in the PHPGurukul Boat Booking System version 1.0, specifically affecting the password recovery functionality located at /admin/password-recovery.php. This flaw allows attackers to manipulate the 'username' parameter, enabling unauthorized SQL queries to be executed in the backend database. The remote exploitation of this vulnerability poses a significant security risk, as it can lead to data exposure and system compromise. Users are urged to update to a patched version and follow best practices for securing their applications.",PHPgurukul,Boat Booking System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,true,2024-10-19T21:31:05.000Z,true,false,false,,2024-10-19T22:31:05.359Z,0
CVE-2024-10156,https://securityvulnerability.io/vulnerability/CVE-2024-10156,SQL Injection Vulnerability in PHPGurukul Boat Booking System,"A significant vulnerability has been identified in the PHPGurukul Boat Booking System version 1.0, specifically within the Sign In Page functionality. This flaw allows an attacker to manipulate the 'username' parameter in the '/admin/index.php' file, potentially leading to SQL injection attacks. Such attacks can be executed remotely, allowing unauthorized access to sensitive database information. The exploit for this vulnerability has already been publicly disclosed, increasing the risk of attacks on vulnerable systems. Organizations utilizing this system are strongly encouraged to apply necessary security measures to mitigate potential exploitation.",PHPgurukul,Boat Booking System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,true,2024-10-19T20:00:08.000Z,true,false,false,,2024-10-19T21:00:08.643Z,0
CVE-2024-10155,https://securityvulnerability.io/vulnerability/CVE-2024-10155,Cross Site Scripting Vulnerability in Boat Booking System,"A vulnerability has been identified in the PHPGurukul Boat Booking System version 1.0, specifically within the file book-boat.php?bid=1. This vulnerability arises from improper handling of the phone_number parameter, enabling attackers to execute cross-site scripting (XSS) attacks. Attackers can exploit this flaw remotely, possibly affecting users who interact with the booking system. Public disclosure of this exploit has raised concerns for web security, necessitating prompt attention from system administrators and developers to mitigate potential risks.",PHPgurukul,Boat Booking System,6.1,MEDIUM,0.0009800000116229057,false,,false,false,true,2024-10-19T19:31:05.000Z,true,false,false,,2024-10-19T20:31:05.591Z,0
CVE-2024-10154,https://securityvulnerability.io/vulnerability/CVE-2024-10154,SQL Injection Vulnerability in PHPGurukul Boat Booking System,"A serious SQL injection vulnerability exists in the PHPGurukul Boat Booking System 1.0, specifically within the Check Booking Status Page's status.php file. The flaw arises from improper handling of the 'emailid' argument during requests, allowing attackers to manipulate this input and execute malicious SQL queries remotely. This exploit has been publicly disclosed, emphasizing the urgent need for users to identify and secure their systems against potential attacks. Proper filtering and parameterized queries should be implemented to safeguard the application and protect sensitive data from unauthorized access.",PHPgurukul,Boat Booking System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,true,2024-10-19T17:31:05.000Z,true,false,false,,2024-10-19T18:31:05.394Z,0
CVE-2024-10153,https://securityvulnerability.io/vulnerability/CVE-2024-10153,SQL Injection Vulnerability in PHPGurukul Boat Booking System,"A critical SQL injection vulnerability exists in PHPGurukul Boat Booking System version 1.0 within the Book a Boat Page functionality. This vulnerability is caused by improper handling of user input within the `book-boat.php?bid=1` component, specifically the `nopeople` argument. Attackers can exploit this weakness to execute arbitrary SQL queries against the underlying database, leading to unauthorized data access and manipulation. The vulnerability is remotely exploitable, making it essential for users and administrators of affected systems to implement immediate security measures. Publicly disclosed exploit details heighten the risk, emphasizing the need for prompt action to mitigate potential threats.",PHPgurukul,Boat Booking System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,true,2024-10-19T17:00:09.000Z,true,false,false,,2024-10-19T18:00:09.081Z,0