CVE-2025-8966

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0

Description: A vulnerability exists in itsourcecode Online Tour and Travel Management System that affects unknown processing within the /admin/operations/tax.php file. Manipulation of the tname argument can lead to SQL injection. This issue may be exploited remotely, and details of the exploit have been publicly disclosed.

Recommendations: As a temporary workaround, consider restricting access to the /admin/operations/tax.php file until a fix is available. Sanitize the tname input to prevent SQL injection attacks.