Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.

Related CVEs

CVE-2023-48687

Key Information

GHSA ID

GHSA-pmf2-6gj8-f3p8

Published

December 21, 2023 9:30 PM

Last Modified

December 21, 2023 9:30 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 30, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.