CVE-2023-31945

Name of the Vulnerable Software and Affected Versions Online Travel Agency System version 1.0

Description A SQL injection issue allows a remote attacker to execute arbitrary code via the id parameter at the "daily expenditure edit.php" endpoint. This enables the attacker to potentially access and manipulate sensitive data.

Recommendations For Online Travel Agency System version 1.0, consider disabling access to the "daily expenditure edit.php" endpoint until a patch is available. Additionally, restrict the use of the id parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.