Hjscs

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A vulnerability exists in itsourcecode Online Tour and Travel Management System that allows for unrestricted file upload. The issue affects unknown code within the `/admin/operations/travellers.php` file. The `photo` argument can be manipulated to achieve this. The attack can be launched remotely. The exploit is publicly available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A flaw exists in the processing of the `/user/page-login.php` file within the itsourcecode Online Tour and Travel Management System. Manipulation of the `email` argument can lead to SQL injection. The issue can be exploited remotely. The exploit has been published. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A SQL injection issue exists in the /user/forget password.php file due to manipulation of the `email` argument. This manipulation occurs within an unknown function. The attack can be launched remotely, and the exploit has been publicly disclosed. Recommendations: As a temporary workaround, consider restricting access to the /user/forget password.php file until a fix is available. Sanitize the `email` input parameter to prevent SQL injection attacks.