CVE-2023-1391

Name of the Vulnerable Software and Affected Versions SourceCodester Online Tours & Travels Management System version 1.0

Description A vulnerability was found in the SourceCodester Online Tours & Travels Management System, allowing for unrestricted upload due to the manipulation of the img argument in an unknown function of the file admin/ab.php. This issue can be exploited remotely.

Recommendations For SourceCodester Online Tours & Travels Management System version 1.0, consider disabling the upload functionality related to the img argument until a patch is available to prevent unrestricted file uploads. Restrict access to the admin/ab.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.