CVE-2023-2619 – SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection
https://notcve.org/view.php?id=CVE-2023-2619
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprove_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• https://blog.csdn.net/weixin_43864034/article/details/130596916
• https://vuldb.com/?ctiid.228549
• https://vuldb.com/?id.228549
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1590 – SourceCodester Online Tours & Travels Management System currency.php exec sql injection
https://notcve.org/view.php?id=CVE-2023-1590
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://blog.csdn.net/weixin_43864034/article/details/129730106
• https://vuldb.com/?ctiid.223655
• https://vuldb.com/?id.223655
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1589 – SourceCodester Online Tours & Travels Management System approve_delete.php exec sql injection
https://notcve.org/view.php?id=CVE-2023-1589
A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This vulnerability affects the function exec of the file admin/operations/approve_delete.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://blog.csdn.net/weixin_43864034/article/details/129729911
• https://vuldb.com/?ctiid.223654
• https://vuldb.com/?id.223654
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1396 – SourceCodester Online Tours & Travels Management System traveller_details.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-1396
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely.
• https://blog.csdn.net/Dwayne_Wade/article/details/129524104
• https://vuldb.com/?ctiid.222983
• https://vuldb.com/?id.222983
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-1391 – SourceCodester Online Tours & Travels Management System ab.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-1391
A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://blog.csdn.net/Dwayne_Wade/article/details/129526901
• https://vuldb.com/?ctiid.222978
• https://vuldb.com/?id.222978
• CWE-434: Unrestricted Upload of File with Dangerous Type