A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252034 is the identifier assigned to this vulnerability.
References
| Link | Resource |
|---|---|
| https://blog.csdn.net/weixin_56393356/article/details/135756616 | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.252034 | Third Party Advisory |
| https://vuldb.com/?id.252034 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
31 Jan 2024, 18:51
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| First Time |
Mayurik
Mayurik online Tours \& Travels Management System |
|
| References | () https://vuldb.com/?id.252034 - Third Party Advisory | |
| References | () https://blog.csdn.net/weixin_56393356/article/details/135756616 - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.252034 - Third Party Advisory | |
| CPE | cpe:2.3:a:mayurik:online_tours_\&_travels_management_system:1.0:*:*:*:*:*:*:* |
25 Jan 2024, 19:28
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-01-25 19:15
Updated : 2024-05-17 02:35
NVD link : CVE-2024-0883
Mitre link : CVE-2024-0883
CVE.ORG link : CVE-2024-0883
JSON object : View
Products Affected
mayurik
- online_tours_\&_travels_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')