CVE-2024-1822 – PHPGurukul Tourism Management System user-bookings.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-1822
A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1ulzFlRqsex39dDUOFU2LbmphrQblSAwn/view?usp=drive_link https://vuldb.com/?ctiid.254610 https://vuldb.com/?id.254610 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-30930
https://notcve.org/view.php?id=CVE-2022-30930
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). Tourism Management System Versión V 3.2, está afectada por: Un ataque de tipo Cross Site Request Forgery (CSRF) • https://medium.com/%40pmmali/my-second-cve-2022-30930-4f9aab047518 https://www.acunetix.com/vulnerabilities/web/possible-csrf-cross-site-request-forgery • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-28136
https://notcve.org/view.php?id=CVE-2020-28136
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. Es detectada una carga de archivos arbitraria en SourceCodester Tourism Management System versión 1.0, que permite al usuario conducir una ejecución de código remota por medio de una página vulnerable admin/create-package.php • https://phpgurukul.com/tourism-management-system-free-download https://www.exploit-db.com/exploits/48892 • CWE-434: Unrestricted Upload of File with Dangerous Type •