Www234

**Name of the Vulnerable Software and Affected Versions** ashraf-kabir travel-agency versions prior to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 **Description** A flaw exists in ashraf-kabir travel-agency. The issue involves unrestricted upload capabilities due to manipulation of an unknown function within the `/customer register.php` file. This allows for remote execution of the attack. The exploit is publicly available. The vendor was notified but did not respond. The product uses a rolling release model, so specific version details for fixes are unavailable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ashraf-kabir travel-agency versions prior to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 **Description** A security issue exists in ashraf-kabir travel-agency. The manipulation of the `edit pack` argument in the `/admin area/index.php` file leads to SQL injection. This attack can be initiated remotely. The exploit has been publicly disclosed. Continuous delivery with rolling releases is used, and the vendor did not respond to early disclosure attempts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ashraf-kabir travel-agency (affected versions not specified) **Description** A SQL injection issue exists in the Search component, specifically within the `/results.php` file. The `user query` argument is susceptible to manipulation, allowing for remote exploitation. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.