PT-2023-16340 · Sourcecodester · Online Tours & Travels Management System
Haicheng.Zhang
·
Published
2023-01-27
·
Updated
2024-05-17
·
CVE-2023-0534
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:L/Au:M/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SourceCodester Online Tours & Travels Management System version 1.0
Description
A critical issue was found in the system, affecting an unknown part of the file admin/expense report.php. The manipulation of the
to date argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Recommendations
For version 1.0, consider disabling the functionality related to the
to date argument in the admin/expense report.php file until a patch is available. Restrict access to the admin/expense report.php file to minimize the risk of exploitation. Avoid using the to date argument in the affected file until the issue is resolved.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Online Tours & Travels Management System