CVE-2023-0570

Name of the Vulnerable Software and Affected Versions SourceCodester Online Tours & Travels Management System version 1.0

Description A critical issue was found in the system, affecting the file useroperationspayment operation.php. The manipulation of the booking id argument leads to SQL injection. It is possible to initiate the attack remotely. The issue has been publicly disclosed and may be exploited.

Recommendations For SourceCodester Online Tours & Travels Management System version 1.0, consider restricting access to the payment operation.php file until a patch is available. As a temporary workaround, avoid using the booking id argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.