cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-6471,https://securityvulnerability.io/vulnerability/CVE-2024-6471,SQL Injection Vulnerability in SourceCodester Tours & Travels Management System,"A significant SQL injection vulnerability has been identified in the SourceCodester Online Tours & Travels Management System version 1.0, specifically affecting the sms_setting.php file. This vulnerability arises from inadequate input validation, allowing attackers to manipulate the 'uname' parameter and execute arbitrary SQL queries. As a result, unauthorized users can gain access to sensitive database information, potentially leading to data breaches. The vulnerability can be exploited remotely without requiring local access, making it critical for organizations using this software to apply necessary patches and mitigations to safeguard their data.",Sourcecodester,Online Tours & Travels Management,8.8,HIGH,0.0008699999889358878,false,,false,false,true,2024-07-03T12:31:07.000Z,true,false,false,,2024-07-03T13:31:07.394Z,0
CVE-2024-2168,https://securityvulnerability.io/vulnerability/CVE-2024-2168,SQL Injection Vulnerability in /admin/operations/expense_category.php,A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expense_category.php of the component HTTP POST Request Handler. The manipulation of the argument status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255678 is the identifier assigned to this vulnerability.,Sourcecodester,Online Tours & Travels Management System,4.7,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-04T21:00:11.000Z,true,false,false,,2024-03-04T21:00:11.431Z,0
CVE-2024-0884,https://securityvulnerability.io/vulnerability/CVE-2024-0884,SourceCodester Online Tours & Travels Management System payment.php exec sql injection,"A vulnerability exists in the SourceCodester Online Tours & Travels Management System 1.0, specifically within the payment.php file, where the exec function is vulnerable to SQL injection attacks. The flaw arises from manipulating the 'id' argument, potentially allowing remote attackers to execute arbitrary SQL commands. This exploitation could lead to unauthorized data access and manipulation within the system. As the issue has been publicly disclosed, immediate attention and remediation are essential to mitigate risks associated with potential attacks.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.0012499999720603228,false,,false,false,true,2024-01-25T20:31:04.000Z,true,false,false,,2024-01-25T20:31:04.271Z,0
CVE-2024-0883,https://securityvulnerability.io/vulnerability/CVE-2024-0883,SourceCodester Online Tours & Travels Management System pay.php prepare sql injection,"A vulnerability exists within SourceCodester's Online Tours & Travels Management System version 1.0, specifically affecting the prepare function in the admin/pay.php file. This vulnerability arises from improper handling of the 'id' argument, allowing attackers to execute SQL injection attacks remotely. The implications of this vulnerability are significant, as it can permit unauthorized access to the database and potentially lead to the exposure of sensitive information or modification of data. As it has been publicly disclosed, it is crucial for users and administrators of the affected product to implement immediate remediation measures to mitigate the risks associated with this vulnerability.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.0012499999720603228,false,,false,false,true,2024-01-25T19:00:07.000Z,true,false,false,,2024-01-25T19:00:07.377Z,0
CVE-2024-0735,https://securityvulnerability.io/vulnerability/CVE-2024-0735,SourceCodester Online Tours & Travels Management System expense.php exec sql injection,"A vulnerability exists in the SourceCodester Online Tours & Travels Management System version 1.0, where improper sanitization of user inputs in the admin/operations/expense.php file allows for SQL injection attacks. An attacker could exploit this weakness to execute arbitrary SQL commands, potentially leading to unauthorized data access and manipulation. The vulnerability, identified as VDB-251558, may be remotely exploitable, posing significant risks to the affected systems and compromising sensitive user information.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.0012499999720603228,false,,false,false,true,2024-01-19T21:00:05.000Z,true,false,false,,2024-01-19T21:00:05.551Z,0
CVE-2023-6765,https://securityvulnerability.io/vulnerability/CVE-2023-6765,SourceCodester Online Tours & Travels Management System email_setup.php prepare sql injection,"A SQL injection vulnerability exists in the Online Tours & Travels Management System version 1.0 by SourceCodester. Specifically, the issue arises from the manipulation of an argument in the `email_setup.php` file, severely compromising the integrity of the database. This flaw allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or data manipulation. The disclosure of this vulnerability to the public has raised concerns, necessitating immediate attention to mitigate risks associated with this exploit.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.006039999891072512,false,,false,false,false,,,false,false,,2023-12-13T18:15:00.000Z,0
CVE-2023-4866,https://securityvulnerability.io/vulnerability/CVE-2023-4866,SourceCodester Online Tours & Travels Management System booking.php exec sql injection,"A significant vulnerability exists in Version 1.0 of the Online Tours & Travels Management System developed by SourceCodester, whereby improper handling of the 'id' argument in the booking.php file can lead to SQL injection attacks. These attacks enable unauthorized remote access to the database, allowing attackers to execute arbitrary SQL commands. This vulnerability has been made public, increasing the risk of potential exploits targeting the affected system.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-09-10T00:15:00.000Z,0
CVE-2023-2619,https://securityvulnerability.io/vulnerability/CVE-2023-2619,SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection,"A vulnerability has been identified in the SourceCodester Online Tours & Travels Management System, specifically within the exec function of disapprove_delete.php. This security flaw allows an attacker to manipulate the argument 'id' leading to SQL injection, which can be exploited remotely. This issue has been publicly disclosed, increasing the likelihood of exploitation, and highlights the necessity for immediate remediation measures to safeguard users against potential data breaches.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-05-10T06:15:00.000Z,0
CVE-2023-1590,https://securityvulnerability.io/vulnerability/CVE-2023-1590,SourceCodester Online Tours & Travels Management System currency.php exec sql injection,"A vulnerability exists in the Online Tours & Travels Management System by SourceCodester, where improper handling of user input in the 'admin/operations/currency.php' file allows for SQL injection through the manipulation of the 'id' argument. This can lead to unauthorized access to the database and potential exposure of sensitive information. The vulnerability can be exploited remotely, making it crucial for users to apply necessary security measures swiftly.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.011049999855458736,false,,false,false,false,,,false,false,,2023-03-23T08:15:00.000Z,0
CVE-2023-1589,https://securityvulnerability.io/vulnerability/CVE-2023-1589,SourceCodester Online Tours & Travels Management System approve_delete.php exec sql injection,"A vulnerability exists in the SourceCodester Online Tours & Travels Management System 1.0 that allows attackers to exploit the exec function in the file admin/operations/approve_delete.php. Specifically, manipulation of the 'id' argument could lead to SQL injection attacks, enabling unauthorized access to the database. This vulnerability can be exploited remotely, posing significant security risks to user data and system integrity, and has been publicly disclosed.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.011049999855458736,false,,false,false,false,,,false,false,,2023-03-23T08:15:00.000Z,0
CVE-2023-1396,https://securityvulnerability.io/vulnerability/CVE-2023-1396,SourceCodester Online Tours & Travels Management System traveller_details.php cross site scripting,A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983.,SourceCodester,Online Tours & Travels Management System,6.1,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-03-14T15:15:00.000Z,0
CVE-2023-1391,https://securityvulnerability.io/vulnerability/CVE-2023-1391,SourceCodester Online Tours & Travels Management System ab.php unrestricted upload,"A vulnerability exists in the admin/ab.php function of SourceCodester's Online Tours & Travels Management System 1.0, allowing for unrestricted file uploads through manipulation of the 'img' argument. This security flaw could be exploited remotely, enabling attackers to upload potentially malicious files. Public disclosure of the exploit has raised concerns over its use in the wild, emphasizing the need for immediate attention to mitigate risks associated with this vulnerability.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.00215000007301569,false,,false,false,false,,,false,false,,2023-03-14T15:15:00.000Z,0
CVE-2023-0570,https://securityvulnerability.io/vulnerability/CVE-2023-0570,SourceCodester Online Tours & Travels Management System payment_operation.php sql injection,"A significant SQL injection vulnerability exists in the SourceCodester Online Tours & Travels Management System version 1.0, specifically in the user/operations/payment_operation.php file. This vulnerability occurs due to improper handling of the 'booking_id' parameter, allowing attackers to manipulate database queries. The vulnerability can be exploited remotely, making it a serious threat to the integrity and security of the affected systems. Public disclosure of the exploit has occurred, which raises the urgency for organizations to address this vulnerability promptly.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.0017600000137463212,false,,false,false,false,,,false,false,,2023-01-29T18:15:00.000Z,0
CVE-2023-0560,https://securityvulnerability.io/vulnerability/CVE-2023-0560,SourceCodester Online Tours & Travels Management System practice_pdf.php sql injection,"A vulnerability exists in SourceCodester's Online Tours & Travels Management System that enables attackers to execute SQL injection via the manipulation of the 'id' argument in the file admin/practice_pdf.php. This flaw allows for unauthorized database access, potentially compromising sensitive user information. Attackers can exploit this vulnerability remotely, highlighting the urgent need for system updates and security patches. The vulnerability has been publicly disclosed, making affected users susceptible to exploitation.",SourceCodester,Online Tours & Travels Management System,7.2,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-01-28T17:15:00.000Z,0
CVE-2023-0561,https://securityvulnerability.io/vulnerability/CVE-2023-0561,SourceCodester Online Tours & Travels Management System s.php sql injection,"A vulnerability has been identified in version 1.0 of the SourceCodester Online Tours & Travels Management System. An unknown function in the /user/s.php file is susceptible to SQL injection, allowing attackers to manipulate the 'id' argument. This issue can be exploited remotely, posing a significant risk to data integrity and confidentiality. The exploit details have been publicly announced, highlighting the urgency for affected users to secure their systems.",SourceCodester,Online Tours & Travels Management System,8.8,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-01-28T17:15:00.000Z,0
CVE-2023-0532,https://securityvulnerability.io/vulnerability/CVE-2023-0532,SourceCodester Online Tours & Travels Management System disapprove_user.php sql injection,A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219601 was assigned to this vulnerability.,SourceCodester,Online Tours & Travels Management System,4.7,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-01-27T11:15:00.000Z,0
CVE-2023-0528,https://securityvulnerability.io/vulnerability/CVE-2023-0528,SourceCodester Online Tours & Travels Management System abc.php sql injection,A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219597 was assigned to this vulnerability.,SourceCodester,Online Tours & Travels Management System,6.3,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-01-27T11:15:00.000Z,0
CVE-2023-0530,https://securityvulnerability.io/vulnerability/CVE-2023-0530,SourceCodester Online Tours & Travels Management System approve_user.php sql injection,"A SQL injection vulnerability exists in the Online Tours & Travels Management System 1.0, specifically within the file admin/approve_user.php. The issue arises due to improper handling of the 'id' parameter, allowing an attacker to manipulate SQL queries and execute unauthorized commands. This vulnerability can be exploited remotely, posing significant security risks to users and their data. Publicly disclosed exploits may enable threat actors to leverage this weakness for malicious purposes, emphasizing the need for prompt remediation.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.0017600000137463212,false,,false,false,false,,,false,false,,2023-01-27T11:15:00.000Z,0
CVE-2023-0531,https://securityvulnerability.io/vulnerability/CVE-2023-0531,SourceCodester Online Tours & Travels Management System booking_report.php sql injection,A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219600.,SourceCodester,Online Tours & Travels Management System,4.7,MEDIUM,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-01-27T11:15:00.000Z,0
CVE-2023-0533,https://securityvulnerability.io/vulnerability/CVE-2023-0533,SourceCodester Online Tours & Travels Management System expense_report.php sql injection,"A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-219602 is the identifier assigned to this vulnerability.",Sourcecodester,Online Tours & Travels Management System,4.7,MEDIUM,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-01-27T11:15:00.000Z,0
CVE-2023-0534,https://securityvulnerability.io/vulnerability/CVE-2023-0534,SourceCodester Online Tours & Travels Management System expense_report.php sql injection,"A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603.",SourceCodester,Online Tours & Travels Management System,4.7,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-01-27T11:15:00.000Z,0
CVE-2023-0529,https://securityvulnerability.io/vulnerability/CVE-2023-0529,SourceCodester Online Tours & Travels Management System add_payment.php sql injection,A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219598 is the identifier assigned to this vulnerability.,SourceCodester,Online Tours & Travels Management System,6.3,MEDIUM,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-01-27T11:15:00.000Z,0
CVE-2023-0516,https://securityvulnerability.io/vulnerability/CVE-2023-0516,SourceCodester Online Tours & Travels Management System Parameter forget_password.php sql injection,"A SQL injection vulnerability has been identified in the SourceCodester Online Tours & Travels Management System version 1.0. The issue arises from an inadequate handling of user input in the forget_password.php file, particularly in the parameter management of user email submissions. This flaw could allow malicious actors to manipulate database queries, potentially compromising sensitive information. The public disclosure of the exploit highlights the urgency for users to apply necessary patches to protect against possible exploitation.",SourceCodester,Online Tours & Travels Management System,7.2,HIGH,0.006099999882280827,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-0515,https://securityvulnerability.io/vulnerability/CVE-2023-0515,SourceCodester Online Tours & Travels Management System Parameter forget_password.php sql injection,"A vulnerability exists in the Online Tours & Travels Management System 1.0 that allows an attacker to manipulate the email parameter in the admin/forget_password.php file, leading to SQL injection. This type of attack enables unauthorized access to sensitive database information, as the application fails to properly sanitize input. The exploit has been made public, raising concerns over the potential for exploitation in unsecured implementations.",SourceCodester,Online Tours & Travels Management System,7.2,HIGH,0.008790000341832638,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-0324,https://securityvulnerability.io/vulnerability/CVE-2023-0324,SourceCodester Online Tours & Travels Management System page-login.php sql injection,"A vulnerability exists in the Online Tours & Travels Management System, where improper handling of user input in the admin page leads to SQL injection risks. Specifically, the file admin/page-login.php allows attackers to manipulate the email parameter, potentially compromising the integrity of the database. Due to the remote nature of the exploit, attackers could execute arbitrary SQL commands on the server, posing significant security risks. This vulnerability is publicly disclosed, highlighting the urgent need for affected users to apply security measures.",SourceCodester,Online Tours & Travels Management System,9.8,CRITICAL,0.002139999996870756,false,,false,false,false,,,false,false,,2023-01-16T15:15:00.000Z,0