Quad

**Name of the Vulnerable Software and Affected Versions** Airline Reservation System version 1.0 **Description** A critical issue has been found in the Airline Reservation System, affecting the /index.php file. The manipulation of the `page` argument leads to file inclusion. This issue can be exploited remotely. **Recommendations** For Airline Reservation System version 1.0, as a temporary workaround, consider restricting access to the /index.php file until a patch is available. Avoid using the `page` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Airline Reservation System version 1.0 **Description** A critical issue affects the processing of the file /admin/index.php, where the manipulation of the `page` argument leads to file inclusion. This can be initiated remotely. **Recommendations** For Airline Reservation System version 1.0, consider restricting access to the /admin/index.php file until a fix is available. As a temporary workaround, avoid using the `page` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Airline Reservation System version 1.0 **Description** A critical issue has been found in the Airline Reservation System, affecting the Admin Login Page. Specifically, the function `login/login2` of the file `/admin/login.php` is vulnerable. The manipulation of the `username` argument leads to SQL injection, allowing for remote attacks. The exploit has been publicly disclosed. **Recommendations** For Airline Reservation System version 1.0, as a temporary workaround, consider disabling the `login/login2` function until a patch is available. Restrict access to the `/admin/login.php` file to minimize the risk of exploitation. Avoid using the `username` argument in the affected login functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Airline Reservation System version 1.0 **Description** A critical issue was found in the Airline Reservation System, affecting an unknown functionality of the file flights.php. The manipulation of the `departure airport id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Airline Reservation System version 1.0, as a temporary workaround, consider restricting access to the `flights.php` file or disabling the functionality that uses the `departure airport id` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Airline Reservation System version 1.0 **Description** A critical issue has been found in the itsourcecode Airline Reservation System, where the `save settings` function in the `admin/admin class.php` file is affected. The manipulation of the `img` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For itsourcecode Airline Reservation System version 1.0, consider disabling the `save settings` function in the `admin/admin class.php` file until a patch is available to prevent unrestricted upload. Restrict access to the `admin/admin class.php` file to minimize the risk of exploitation. Avoid using the `img` argument in the affected function until the issue is resolved.