PT-2023-23540 · Unknown · Online Travel Agency System

Dilillearngent

Publicado

2023-08-17

Atualizado

2023-08-18

CVE-2023-31942

CVSS v3.1

4.8

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Online Travel Agency System version 1.0

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the description parameter in the "insert.php" endpoint. This enables the attacker to perform unauthorized actions on the system.

Recommendations For Online Travel Agency System version 1.0, consider disabling the description parameter in the "insert.php" endpoint until a patch is available to prevent exploitation. Restrict access to the "insert.php" endpoint to minimize the risk of arbitrary code execution.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-31942

Produtos afetados

Online Travel Agency System

PT-2023-23540 · Unknown · Online Travel Agency System

CVE-2023-31942

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6