Online Tour \& Travel Management System
by Mayurik
CVEs (55)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0530 | 0.00 | — | 0.01 | Jan 27, 2023 | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql injection. The attack may be… | |||
| CVE-2023-0529 | 0.00 | — | 0.01 | Jan 27, 2023 | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be… | |||
| CVE-2023-0528 | 0.00 | — | 0.01 | Jan 27, 2023 | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack… | |||
| CVE-2023-0516 | 0.00 | — | 0.01 | Jan 26, 2023 | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to… | |||
| CVE-2023-0515 | 0.00 | — | 0.01 | Jan 26, 2023 | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads… | |||
| CVE-2023-0324 | 0.00 | — | 0.19 | Jan 16, 2023 | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack… | |||
| CVE-2022-43050 | 0.00 | — | 0.01 | Nov 7, 2022 | Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||
| CVE-2022-42142 | 0.00 | — | 0.01 | Oct 17, 2022 | Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. | |||
| CVE-2022-41416 | 0.00 | — | 0.01 | Oct 14, 2022 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. | |||
| CVE-2022-40353 | 0.00 | — | 0.01 | Sep 27, 2022 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. | |||
| CVE-2022-40352 | 0.00 | — | 0.01 | Sep 27, 2022 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. | |||
| CVE-2022-40099 | 0.00 | — | 0.01 | Sep 26, 2022 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php. | |||
| CVE-2022-40093 | 0.00 | — | 0.01 | Sep 23, 2022 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php. | |||
| CVE-2022-40092 | 0.00 | — | 0.01 | Sep 23, 2022 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php. | |||
| CVE-2022-40091 | 0.00 | — | 0.01 | Sep 23, 2022 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php. |
- CVE-2023-0530Jan 27, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql injection. The attack may be…
- CVE-2023-0529Jan 27, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be…
- CVE-2023-0528Jan 27, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack…
- CVE-2023-0516Jan 26, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to…
- CVE-2023-0515Jan 26, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads…
- CVE-2023-0324Jan 16, 2023risk 0.00cvss —epss 0.19
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack…
- CVE-2022-43050Nov 7, 2022risk 0.00cvss —epss 0.01
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
- CVE-2022-42142Oct 17, 2022risk 0.00cvss —epss 0.01
Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.
- CVE-2022-41416Oct 14, 2022risk 0.00cvss —epss 0.01
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php.
- CVE-2022-40353Sep 27, 2022risk 0.00cvss —epss 0.01
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php.
- CVE-2022-40352Sep 27, 2022risk 0.00cvss —epss 0.01
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php.
- CVE-2022-40099Sep 26, 2022risk 0.00cvss —epss 0.01
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php.
- CVE-2022-40093Sep 23, 2022risk 0.00cvss —epss 0.01
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php.
- CVE-2022-40092Sep 23, 2022risk 0.00cvss —epss 0.01
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php.
- CVE-2022-40091Sep 23, 2022risk 0.00cvss —epss 0.01
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php.
Page 3 of 3