Headline
CVE-2023-0283: cve-list/Online Flight Booking Management System review_search.md at master · qyhmsys/cve-list
A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218277 was assigned to this vulnerability.
Permalink
Cannot retrieve contributors at this time
Online Flight Booking Management System review_search.php has SQLinject.md
Download the source code from
https://www.sourcecodester.com/php/15865/online-flight-booking-management-system-using-php-and-mysql-free-source-code.html
line: 9
The POST parameter txtsearch is received and assigned to $txtsearch
line: 172-186
<?php
$event_query = $conn->query("select * from sub_event where event_name like '%$txtsearch%'") or die(mysql_error());
$menum_row = $event_query->rowcount();
if( $menum_row > 0){ ?>
<h3>Sub Events</h3>
<?php
while ($event_row = $event_query->fetch())
{
$search_mainevent_id=$event_row['mainevent_id'];
$search_subevent_id=$event_row['subevent_id'];
?>
Because the string entered by the user is not filtered and the sql statements are spliced, the sql injection vulnerability is generated. It can cause serious harm to the system.
Use burpsuite for vulnerability verification:
Use sqlmap for vulnerability verification: