First published: Thu Feb 03 2022(Updated: )
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Projectworlds Online Movie Ticket Booking System | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-44866 is a vulnerability in Online-Movie-Ticket-Booking-System 1.0 that allows an attacker to extract sensitive information from the database by appending SQL queries to the 'id' parameter in the file about.php.
CVE-2021-44866 has a severity rating of 7.5 (High).
Online-Movie-Ticket-Booking-System version 1.0 is affected by CVE-2021-44866.
An attacker can exploit CVE-2021-44866 by appending SQL queries to the 'id' parameter in the file about.php to extract sensitive information from the database.
There is no specific fix mentioned for CVE-2021-44866. It is recommended to validate and sanitize user input to prevent SQL injection attacks.