Carmelo Vulnerabilities

Comprehensive security vulnerability database for Carmelo products

Last updated: Mar 8, 2026
Total CVEs: 8
Critical: 0
With Exploits: 8
Last 30 Days: 1

Severity Distribution

Critical: 0 (0%)
High: 0 (0%)
Medium: 8 (100%)
Low: 0 (0%)

Description | Vendor / Product | Exploit Status

CVE-2026-3763 (CVSS 5.3)

This vulnerability allows an attacker to inject malicious scripts into the Simple Flight Ticket Booking System, potentially stealing sensitive information from users who visit the affected page. The attack can be carried out remotely, meaning the attacker doesn't need direct access to the system to exploit it.

carmelo / simple flight ticket booking system
Exploit Available
30 days ago | Mar 8, 2026

CVE-2026-3745 (CVSS 5.3)

An attacker can exploit a vulnerability in the student web portal to manipulate user data and execute unauthorized SQL commands, potentially gaining access to sensitive information in the database. This attack can be carried out remotely, meaning the attacker does not need physical access to the system, and the exploit details are publicly available.

carmelo / student web portal
Exploit Available
about 1 month ago | Mar 8, 2026

CVE-2026-3744 (CVSS 6.9)

An attacker can remotely manipulate a specific part of the student web portal's signup process to execute unauthorized SQL commands, potentially gaining access to sensitive data in the database. This vulnerability occurs when the system improperly handles user input during password validation, making it easier for attackers to exploit.

carmelo / student web portal
Exploit Available
about 1 month ago | Mar 8, 2026

CVE-2026-3736 (CVSS 6.9)

An attacker can remotely manipulate a search query in the Simple Flight Ticket Booking System, allowing them to execute unauthorized SQL commands and potentially access or alter sensitive data in the database. This vulnerability occurs due to improper handling of user input in the SearchResultRoundtrip.php file.

carmelo / simple flight ticket booking system
Exploit Available
about 1 month ago | Mar 8, 2026

CVE-2026-3735 (CVSS 6.9)

This vulnerability allows an attacker to remotely manipulate a specific part of the flight booking system to execute unauthorized SQL commands, potentially exposing or altering sensitive data in the database. The issue arises from improper handling of user input in the SearchResultOneway.php file, making it crucial for system administrators to patch this flaw to prevent exploitation.

carmelo / simple flight ticket booking system
Exploit Available
about 1 month ago | Mar 8, 2026

CVE-2026-3723 (CVSS 6.9)

This vulnerability allows an attacker to manipulate the flight number in the booking system, potentially gaining unauthorized access to the database and extracting sensitive information. The attack can be carried out remotely, meaning the attacker doesn't need to be on the same network as the system to exploit it.

carmelo / simple flight ticket booking system
Exploit Available
about 1 month ago | Mar 8, 2026

CVE-2026-26698 (CVSS 4.9)

This vulnerability allows an attacker to manipulate the database by injecting malicious SQL code through the modal_edit.php file, potentially exposing sensitive information or altering data. The attacker needs access to the web application and must exploit the input fields that interact with the database.

carmelo / simple student alumni system
Exploit Available
about 1 month ago | Mar 2, 2026

CVE-2026-26697 (CVSS 4.9)

This vulnerability allows an attacker to manipulate the database of the Simple Student Alumni System by injecting malicious SQL code through the teacherID parameter in the URL. To exploit this, the attacker only needs to access the specific page with a crafted URL, potentially exposing sensitive data or altering records.

carmelo / simple student alumni system
Exploit Available
about 1 month ago | Mar 2, 2026

About Carmelo Security

This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Carmelo products. Our database is updated in real time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.

Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.