SQL Injection Vulnerability in Online-Movie-Ticket-Booking-System 1.0

CVE-2021-44866 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.