Restaurant Management System 1.0 XSS / Session Hijack

by Vince

Disclosure date: 10/24/19

CVE-2019-18415
CVE-2019-18416

Restaurant Management System 1.0 is affected by a cross-site scripting (XSS) vulnerability that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account. The vulnerability can be exploited both with and without an authenticated account.


Restaurant Management System 1.0 Arbitrary File Upload

by Vince

Disclosure date: 10/24/19

CVE-2019-18417

Restaurant Management System 1.0 is affected by a vulnerability that allows an authenticated attacker to upload arbitrary files, which can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input.


Hotel and Lodge Management System 1.0 SQLi

by Vince

Disclosure date: 10/23/19

CVE-2019-18387

Hotel and Lodge Management System is vulnerable to unauthenticated SQL injection, which can allow remote attackers to execute arbitrary SQL commands via the Customer, Room, Currency, Room Booking Details, and Tax Details functions.
