cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-35155,https://securityvulnerability.io/vulnerability/CVE-2022-35155,Reflected Cross-Site Scripting Vulnerability in Bus Pass Management System by PHP Gurukul,"The Bus Pass Management System version 1.0 has been found to contain a reflected cross-site scripting vulnerability. This vulnerability arises through improper handling of user input, particularly via the 'searchdata' parameter. Consequently, an attacker could craft a malicious URL that, when accessed by a victim, would execute arbitrary JavaScript in the victim's browser, potentially leading to the theft of sensitive information or session hijacking.",PHPgurukul,Bus Pass Management System,6.1,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2022-09-30T18:10:11.000Z,0
CVE-2022-35156,https://securityvulnerability.io/vulnerability/CVE-2022-35156,SQL Injection Flaw in Bus Pass Management System by Bus.com,"The Bus Pass Management System 1.0 contains a SQL Injection vulnerability that can be exploited through the 'searchdata' parameter at '/buspassms/download-pass.php'. This flaw allows attackers to manipulate SQL queries by injecting malicious code, potentially leading to unauthorized access to the database. Proper sanitization and validation of user inputs are essential to mitigate this security risk.",PHPgurukul,Bus Pass Management System,9.8,CRITICAL,0.010990000329911709,false,,false,false,false,,,false,false,,2022-09-30T18:10:01.000Z,0
CVE-2022-36198,https://securityvulnerability.io/vulnerability/CVE-2022-36198,SQL Injection Vulnerability in Bus Pass Management System by PHP Gurukul,"The Bus Pass Management System 1.0 is vulnerable to multiple SQL injection attacks through specific PHP files, including view-enquiry.php, pass-bwdates-reports-details.php, changeimage.php, search-pass.php, edit-category-detail.php, and edit-pass-detail.php. These weaknesses allow attackers to exploit input fields used in web requests, potentially leading to unauthorized access and manipulation of sensitive data stored in the database. It is crucial for users of this system to ensure their application is patched to mitigate these security risks.",PHPgurukul,Bus Pass Management System,9.8,CRITICAL,0.0029100000392645597,false,,false,false,false,,,false,false,,2022-08-22T00:31:13.000Z,0
CVE-2022-29008,https://securityvulnerability.io/vulnerability/CVE-2022-29008,Insecure Direct Object Reference in Bus Pass Management System by Sudoninja,"An insecure direct object reference (IDOR) vulnerability in the Bus Pass Management System v1.0 allows malicious users to manipulate parameters within requests. By altering the 'viewid' parameter, attackers can gain unauthorized access to sensitive information that is meant to be protected. This vulnerability highlights the importance of proper access controls and input validation mechanisms to safeguard user data and system integrity.",PHPgurukul,Bus Pass Management System,6.5,MEDIUM,0.0062500000931322575,false,,false,false,true,2022-05-21T11:58:26.000Z,true,false,false,,2022-05-11T13:08:03.000Z,0
CVE-2021-44317,https://securityvulnerability.io/vulnerability/CVE-2021-44317,Stored Cross-Site Scripting in Bus Pass Management System by Abhiunix,"The Bus Pass Management System version 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability affecting the 'pagedes' and 'About Us' parameters. This flaw allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to user data compromise and session hijacking. Proper input validation and security measures should be implemented to mitigate this risk.",PHPgurukul,Bus Pass Management System,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-12-16T18:26:11.000Z,0
CVE-2021-44315,https://securityvulnerability.io/vulnerability/CVE-2021-44315,Directory Listing Vulnerability in Bus Pass Management System by Abhiunix,"The Bus Pass Management System v1.0 features a directory listing vulnerability that permits unauthorized users to access sensitive files stored on the web server. This flaw can reveal crucial data, including user credentials and server configuration files, which may lead to further exploitation of the system. Proper server configurations are essential to mitigate this risk and protect sensitive information from being publicly accessible.",PHPgurukul,Bus Pass Management System,7.5,HIGH,0.004029999952763319,false,,false,false,false,,,false,false,,2021-12-16T18:21:17.000Z,0