VYPR

Express

by Travelon

CVEs (2)

  • CVE-2012-4281Aug 13, 2012
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid…

  • CVE-2012-2939May 27, 2012
    risk 0.03cvss epss 0.04

    Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.