CVE-2023-4866

Name of the Vulnerable Software and Affected Versions SourceCodester Online Tours & Travels Management System version 1.0

Description A critical issue was found in the system, affecting the exec function of the booking.php file. The manipulation of the id argument leads to SQL injection. This issue can be initiated remotely.

Recommendations For SourceCodester Online Tours & Travels Management System version 1.0, consider disabling the exec function in the booking.php file as a temporary workaround to minimize the risk of exploitation. Restrict access to the booking.php file to minimize the risk of SQL injection attacks. Avoid using the id argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.