CVE-2023-31939

Name of the Vulnerable Software and Affected Versions Online Travel Agency System version 1.0

Description A SQL injection issue allows a remote attacker to execute arbitrary code via the costomer id parameter at the "customer edit.php" endpoint. This enables the attacker to manipulate database queries, potentially leading to unauthorized data access or modification.

Recommendations For Online Travel Agency System version 1.0, consider disabling the costomer id parameter in the "customer edit.php" endpoint until a patch is available to prevent exploitation. Restrict access to the "customer edit.php" endpoint to minimize the risk of arbitrary code execution. Avoid using the costomer id parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.