PT-2023-23542 · Unknown · Online Travel Agency System

Dilillearngent

Publicado

2023-08-17

Atualizado

2023-08-18

CVE-2023-31944

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Online Travel Agency System version 1.0

Description A SQL injection issue allows a remote attacker to execute arbitrary code via the emp id parameter at the "employee edit.php" endpoint. This enables the attacker to potentially access and manipulate sensitive data.

Recommendations For Online Travel Agency System version 1.0, consider disabling access to the "employee edit.php" endpoint until a patch is available. As a temporary workaround, restrict the use of the emp id parameter in this endpoint to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-31944

Produtos afetados

Online Travel Agency System

PT-2023-23542 · Unknown · Online Travel Agency System

CVE-2023-31944

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8