Name of the Vulnerable Software and Affected Versions:

itsourcecode Online Tour and Travel Management System version 1.0

Description:

A SQL injection issue exists in itsourcecode Online Tour and Travel Management System version 1.0. The manipulation of the `payment type` argument in the `/admin/operations/payment.php` file can lead to SQL injection. This issue is remotely exploitable and the exploit has been publicly disclosed.

Recommendations:

As a temporary workaround, restrict access to the `/admin/operations/payment.php` file to minimize the risk of exploitation.

Sanitize the `payment type` argument to prevent SQL injection attacks.