A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219600.
References
Link | Resource |
---|---|
https://github.com/linmoren/online-tours-travels-management-system/blob/main/tototo_date.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.219600 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.219600 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Feb 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Feb 2023, 01:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://vuldb.com/?ctiid.219600 - Permissions Required, Third Party Advisory | |
References | (MISC) https://vuldb.com/?id.219600 - Permissions Required, Third Party Advisory | |
References | (MISC) https://github.com/linmoren/online-tours-travels-management-system/blob/main/tototo_date.md - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:online_tours_\&_travels_management_system_project:online_tours_\&_travels_management_system:1.0:*:*:*:*:*:*:* | |
First Time |
Online Tours \& Travels Management System Project online Tours \& Travels Management System
Online Tours \& Travels Management System Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
27 Jan 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-27 11:15
Updated : 2024-04-11 01:17
NVD link : CVE-2023-0531
Mitre link : CVE-2023-0531
CVE.ORG link : CVE-2023-0531
JSON object : View
Products Affected
online_tours_\&_travels_management_system_project
- online_tours_\&_travels_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')