Submission #725104: Campcodes Park Ticketing System v1.0 XSS info

Title: Campcodes Park Ticketing System v1.0 XSS
Description:

# Vendor and Software Links
https://www.campcodes.com/projects/php/park-ticketing-system-in-php-mysql-free-download/
https://www.campcodes.com/downloads/park-ticketing-system-in-php-mysql/?wpdmdl=6524&ind=0

# Overview
- Park Ticketing System v1.0 contains a critical security vulnerability related to Cross-Site Scripting (XSS) within the admin_class.php file. The application lacks proper sanitization of user-provided data, enabling attackers to insert harmful scripts. This could result in the execution of arbitrary script code in the browsers of users, potentially compromising their security and privacy on the affected site.

# Details of Vulnerability
- Application Name: Park Ticketing System
- Affected Version: v1.0
- File: admin_class.php
- Function: save_pricing()
- Vulnerable Parameter: name

# Vulnerability Description
- The 'name' parameter in the admin_class.php file of Park Ticketing System v1.0 is vulnerable to Stored Cross-Site Scripting (XSS). This vulnerability is a result of inadequate input validation and sanitization of user-provided data. An attacker could take advantage of this flaw by injecting malicious scripts into these parameters. Once stored on the server, these scripts may execute when other users access the affected user's profile.
Source: ⚠️ https://github.com/dobkill/CVE/issues/2
User: doublekill182 (UID 93888)
Submitted: December 27, 2025 08:01 (6 months ago)
Moderation: December 28, 2025 14:09 (1 day later)
Status: Accepted
VulDB entry: 338599 [Campcodes Park Ticketing System 1.0 admin_class.php save_pricing name/ride cross-site scripting]
Points: 20