VYPR
Vendor

Travelon

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2012-4281Aug 13, 2012
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid…

  • CVE-2012-2939May 27, 2012
    risk 0.03cvss epss 0.04

    Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.