PT-2023-23536 · Unknown · Online Travel Agency System

Dilillearngent

Publicado

2023-08-17

Atualizado

2024-10-07

CVE-2023-31938

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Online Travel Agency System version 1.0

Description A SQL injection issue allows a remote attacker to execute arbitrary code via the emp id parameter at the "employee detail.php" endpoint. This enables the attacker to potentially access or manipulate sensitive data.

Recommendations For Online Travel Agency System version 1.0, consider disabling the emp id parameter in the "employee detail.php" endpoint until a patch is available to prevent exploitation. Restrict access to the "employee detail.php" endpoint to minimize the risk of arbitrary code execution.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-31938

Produtos afetados

Online Travel Agency System

PT-2023-23536 · Unknown · Online Travel Agency System

CVE-2023-31938

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7