Phpgurukul Online Banquet Booking System vulnerabilities

CVE-2025-7926 [MEDIUM] CWE-79 CVE-2025-7926: A vulnerability, which was classified as problematic, was found in PHPGurukul Online Banquet Booking A vulnerability, which was classified as problematic, was found in PHPGurukul Online Banquet Booking System 1.0. This affects an unknown part of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m

CVE-2025-7927 [MEDIUM] CWE-74 CVE-2025-7927: A vulnerability has been found in PHPGurukul Online Banquet Booking System 1.0 and classified as cri A vulnerability has been found in PHPGurukul Online Banquet Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7925 [MEDIUM] CWE-79 CVE-2025-7925: A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Banquet Bo A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Banquet Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument user_login/userpassword leads to cross site scripting. The attack may be launched remotely. The exploit has been disclos

CVE-2025-7924 [MEDIUM] CWE-79 CVE-2025-7924: A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System 1.0. A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public

CVE-2025-45947 [CRITICAL] CWE-94 CVE-2025-45947: An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary co An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component

CVE-2025-2608 [MEDIUM] CWE-74 CVE-2025-2608: A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. This A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. This affects an unknown part of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-2382 [MEDIUM] CWE-74 CVE-2025-2382: A vulnerability classified as critical was found in PHPGurukul Online Banquet Booking System 1.0. Af A vulnerability classified as critical was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may

CVE-2023-5303 [MEDIUM] CWE-79 CVE-2023-5303: A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0 A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the ident

CVE-2023-5305 [LOW] CWE-79 Online Banquet Booking System Contact Us Page mail.php cross site scripting Online Banquet Booking System Contact Us Page mail.php cross site scripting A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The iden

CVE-2023-5304 [LOW] CWE-79 Online Banquet Booking System Service Booking book-services.php cross site scripting Online Banquet Booking System Service Booking book-services.php cross site scripting A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The att

CVE-2022-28992 [HIGH] CWE-352 CVE-2022-28992: A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.