cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9321,https://securityvulnerability.io/vulnerability/CVE-2024-9321,Improper Access Control in SourceCodester Online Railway Reservation System,"A critical vulnerability exists in the SourceCodester Online Railway Reservation System version 1.0, specifically within the access control mechanisms of the file /admin/inquiries/view_details.php. This vulnerability allows attackers to remotely manipulate the argument 'id', leading to unauthorized access to sensitive information. As public disclosures about this weakness are already available, it represents an urgent risk that could be exploited to gain inappropriate control over the web application. Organizations using this system should prioritize patching and implement stricter access controls to mitigate potential exploits.",Sourcecodester,Online Railway Reservation System,5.3,MEDIUM,0.0005200000014156103,false,,false,false,true,2024-09-28T23:31:04.000Z,true,false,false,,2024-09-29T00:31:04.585Z,0
CVE-2024-9300,https://securityvulnerability.io/vulnerability/CVE-2024-9300,Cross Site Scripting Vulnerability in Online Railway Reservation System,"A vulnerability has been identified in the SourceCodester Online Railway Reservation System 1.0, specifically within the contact_us.php file of the Message Us Form component. It allows for cross-site scripting (XSS) attacks through the manipulation of the input fields such as fullname, email, and message. This flaw can be exploited remotely, enabling attackers to inject malicious scripts into the web application. Given its public disclosure, it is crucial for users to evaluate their systems and implement necessary security measures to mitigate potential risks associated with this vulnerability.",SourceCodester,Railway Reservation System,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-28T15:15:00.000Z,0
CVE-2024-9298,https://securityvulnerability.io/vulnerability/CVE-2024-9298,Vulnerability Found in Online Railway Reservation System 1.0: Remote Access Controls at Risk,A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /?page=tickets of the component Ticket Handler. The manipulation of the argument id leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.,SourceCodester,Railway Reservation System,4.3,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-09-28T14:15:00.000Z,0
CVE-2024-9299,https://securityvulnerability.io/vulnerability/CVE-2024-9299,Cross Site Scripting Vulnerability Discovered in Online Railway Reservation System,"A problematic cross-site scripting (XSS) vulnerability exists within the SourceCodester Online Railway Reservation System version 1.0. This vulnerability is triggered by manipulating the incoming parameters such as First Name, Middle Name, or Last Name in the URL path /?page=reserve. The flaw allows attackers to execute arbitrary JavaScript code in the context of the user's browser, leading to potential data theft, session hijacking, or defacement of the web application. Given that the exploit can be executed remotely, it poses a significant risk to affected users and the overall integrity of the system. Public disclosure of the vulnerability raises critical concerns about the potential for exploitation in real-world scenarios.",SourceCodester,Railway Reservation System,5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-09-28T14:15:00.000Z,0
CVE-2024-9297,https://securityvulnerability.io/vulnerability/CVE-2024-9297,Improper Authorization in SourceCodester Online Railway Reservation System,"A serious vulnerability exists in the SourceCodester Online Railway Reservation System, particularly in the admin panel. This flaw lies within the manipulation of the 'page' argument, where an attacker can input 'trains/schedules/system_info' to gain unauthorized access. This improper authorization can be exploited remotely, raising significant security concerns. The exploit has already been disclosed publicly, creating a potential risk for users of the affected system. It is crucial for organizations utilizing this software to implement immediate security measures to mitigate the risks associated with this vulnerability.",SourceCodester,Railway Reservation System,6.3,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-09-28T12:15:00.000Z,0