CVE-2023-31943

Name of the Vulnerable Software and Affected Versions Online Travel Agency System version 1.0

Description A SQL injection issue allows a remote attacker to execute arbitrary code via the ticket id parameter at the "ticket detail.php" endpoint. This enables the attacker to potentially access or manipulate sensitive data.

Recommendations For Online Travel Agency System version 1.0, consider disabling the ticket id parameter in the "ticket detail.php" endpoint until a patch is available. Restrict access to the "ticket detail.php" endpoint to minimize the risk of exploitation. Avoid using the ticket id parameter in the affected endpoint until the issue is resolved.