[{"vendor":"phpgurukul","product":"boat_booking_system","defaultStatus":"unknown","cpes":["cpe:2.3:a:phpgurukul:boat_booking_system:*:*:*:*:*:*:*:*"],"versions":[{"version":"1.0","status":"affected"}]}]

{"timestamp":"2024-10-21T13:52:25.572266Z","id":"CVE-2024-10153","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"PHPGurukul","product":"Boat Booking System","modules":["Book a Boat Page"],"versions":[{"version":"1.0","status":"affected"}]}]

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument bookingdatefrom/nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CWE-74

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

OR
     *cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*

https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_sqli.md No Types Assigned

https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_sqli.md Exploit, Third Party Advisory

https://phpgurukul.com/ No Types Assigned

https://phpgurukul.com/ Product

https://vuldb.com/?ctiid.280939 No Types Assigned

https://vuldb.com/?ctiid.280939 Permissions Required, Third Party Advisory, VDB Entry

https://vuldb.com/?id.280939 No Types Assigned

https://vuldb.com/?id.280939 Third Party Advisory, VDB Entry

https://vuldb.com/?submit.425365 No Types Assigned

https://vuldb.com/?submit.425365 Third Party Advisory, VDB Entry

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

VulDB CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

VulDB AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

VulDB (AV:N/AC:L/Au:S/C:P/I:P/A:P)

VulDB CWE-89

VulDB https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_sqli.md [No types assigned]

VulDB https://phpgurukul.com/ [No types assigned]

VulDB https://vuldb.com/?ctiid.280939 [No types assigned]

VulDB https://vuldb.com/?id.280939 [No types assigned]

VulDB https://vuldb.com/?submit.425365 [No types assigned]