Aggregates CVE and security vulnerability intelligence across all online_bus_booking_system_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk cross-site scripting, with potential vendor impact data exposure across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-45019 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database. | [email protected] | 9.8 | 0.70% | 2023-11-01 | 2026-06-17 |
| CVE-2023-45018 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database. | [email protected] | 9.8 | 0.70% | 2023-11-01 | 2026-06-17 |
| CVE-2023-45015 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | [email protected] | 9.8 | 0.70% | 2023-11-01 | 2026-06-17 |
| CVE-2023-45012 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | [email protected] | 9.8 | 0.67% | 2023-11-01 | 2026-06-17 |
| CVE-2020-25889 | Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege. | [email protected] | 9.8 | 2.73% | 2020-12-08 | 2026-06-16 |
| CVE-2020-25273 | In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. | [email protected] | 9.8 | 1.79% | 2020-10-08 | 2026-06-16 |
| CVE-2020-25272 | In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. | [email protected] | 6.1 | 0.86% | 2020-10-08 | 2026-06-16 |