PT-2023-16340 · Sourcecodester · Online Tours & Travels Management System

Haicheng.Zhang

Publicado

2023-01-27

Atualizado

2024-05-17

CVE-2023-0534

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SourceCodester Online Tours & Travels Management System version 1.0

Description A critical issue was found in the system, affecting an unknown part of the file admin/expense report.php. The manipulation of the to date argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, consider disabling the functionality related to the to date argument in the admin/expense report.php file until a patch is available. Restrict access to the admin/expense report.php file to minimize the risk of exploitation. Avoid using the to date argument in the affected file until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-0534

Produtos afetados

Online Tours & Travels Management System

PT-2023-16340 · Sourcecodester · Online Tours & Travels Management System

CVE-2023-0534

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9