Aggregates CVE and security vulnerability intelligence across all iresturant_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk sql injection and related problems; some flaws may lead to vendor impact session compromise and vendor impact data exposure.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-45803 | MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation. | [email protected] | 8.8 | 0.26% | 2022-01-25 | 2024-11-21 |
| CVE-2021-45802 | MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration. | [email protected] | 9.8 | 0.25% | 2022-01-25 | 2024-11-21 |
| CVE-2021-43436 | MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | [email protected] | 5.4 | 0.19% | 2022-01-12 | 2024-11-21 |
| CVE-2021-43439 | RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely | [email protected] | 9.8 | 2.99% | 2021-12-20 | 2024-11-21 |
| CVE-2021-43438 | Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field | [email protected] | 5.4 | 0.15% | 2021-12-20 | 2024-11-21 |