PT-2023-23541 · Unknown · Online Travel Agency System

Dilillearngent

Published

2023-08-17

Updated

2023-08-18

CVE-2023-31943

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Online Travel Agency System version 1.0

Description A SQL injection issue allows a remote attacker to execute arbitrary code via the ticket id parameter at the "ticket detail.php" endpoint. This enables the attacker to potentially access or manipulate sensitive data.

Recommendations For Online Travel Agency System version 1.0, consider disabling the ticket id parameter in the "ticket detail.php" endpoint until a patch is available. Restrict access to the "ticket detail.php" endpoint to minimize the risk of exploitation. Avoid using the ticket id parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-31943

Affected Products

Online Travel Agency System

PT-2023-23541 · Unknown · Online Travel Agency System

CVE-2023-31943

Weakness Enumeration

Related Identifiers

Affected Products

References · 8