vendor:
Ticket-Booking
by:
Cakes
8.8
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Ticket-Booking
Affected Version From: 1.4
Affected Version To: 1.4
Patch Exists: NO
Related CWE: N/A
CPE: a:abhijeet_muneshwar:ticket-booking
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: CentOS 7
2019
Ticket-Booking 1.4 – Authentication Bypass
Easy authentication bypass vulnerability on this ticket booking application allowing the attacker to remove any previously booked seats. Simply replay the below Burp request or use Curl (remember to change the Cookie Values)
Mitigation:
Ensure that authentication is properly implemented and that user input is properly validated.
