Kashipara Travel Website 1.0
Approved changes feed: RSS · Atom
cpe:2.3:a:kashipara:travel_website:1.0:*:*:*:*:*:*:*
part: a version: 1.0 update: *
| Vendor | Kashipara (6b7db86c-2a94-5a2d-adbe-6158c7191f84) |
|---|---|
| Product | Travel Website (d35a2454-fb1c-53f6-b52e-8a930caf52ad) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-50867 |
vulnerable | 2026-06-03 14:53:31.608689 |
Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2024-01-04T14:33:52.582Z
Updated: 2025-06-17T20:29:11.098Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50866 |
vulnerable | 2026-06-03 14:53:31.608343 |
Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2024-01-04T14:32:53.660Z
Updated: 2025-06-03T14:42:26.433Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50865 |
vulnerable | 2026-06-03 14:53:31.607941 |
Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2024-01-04T14:32:13.376Z
Updated: 2025-06-17T20:29:10.927Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50864 |
vulnerable | 2026-06-03 14:53:31.607582 |
Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2024-01-04T14:31:24.671Z
Updated: 2025-06-17T20:29:10.800Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50863 |
vulnerable | 2026-06-03 14:53:31.607207 |
Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2024-01-04T14:30:22.853Z
Updated: 2025-06-17T20:29:10.681Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50862 |
vulnerable | 2026-06-03 14:53:31.606739 |
Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2024-01-04T14:29:39.872Z
Updated: 2025-06-17T20:29:10.566Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.