Code Projects Restaurant Reservation System

CRITICAL SQLi in Restaurant Reservation Sys 1.0 (filter3.php)
CVE-2024-9811 9.8 - Critical - October 10, 2024

A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in codeprojects Restaurant Reservation System v1.0 /filter2.php
CVE-2024-9429 9.8 - Critical - October 02, 2024

A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well.

SQL Injection

Critical SQLi in code-projects Restaurant System 1.0 (/updatebal.php)
CVE-2024-9360 9.8 - Critical - October 01, 2024

A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQL Injection in Restaurant Reservation System 1.0 via /addcompany.php (company param)
CVE-2024-9359 9.8 - Critical - October 01, 2024

A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQL Injection in code-projects Restaurant Reservation System 1.0 /filter.php
CVE-2024-9086 9.8 - Critical - September 22, 2024

A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well.

SQL Injection

Restaurant Reservation System 1.0 SQLi via date param in index.php
CVE-2024-9085 9.8 - Critical - September 22, 2024

A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions sid as affected paramater which is incorrect.

SQL Injection

SQL injection via reserv_id in view_reservations.php - CodeProjects RRS v1.0
CVE-2024-37799 - June 18, 2024

CodeProjects Restaurant Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the reserv_id parameter at view_reservations.php.