Required CVE Record Information
Description
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function exec of the file payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252035.
CVSS 3 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 4.7 | MEDIUM | 3.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
| 4.7 | MEDIUM | 3.0 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
| 5.8 | — | 2.0 | AV:N/AC:L/Au:M/C:P/I:P/A:P |
Credits
- shanzhengchen (VulDB User) reporter
References 3 Total
- https://vuldb.com/?id.252035 vdb-entrytechnical-description
- https://vuldb.com/?ctiid.252035 signaturepermissions-required
- https://blog.csdn.net/Q_M_0_9/article/details/135846415 exploit
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- https://vuldb.com/?id.252035 vdb-entrytechnical-descriptionx_transferred
- https://vuldb.com/?ctiid.252035 signaturepermissions-requiredx_transferred
- https://blog.csdn.net/Q_M_0_9/article/details/135846415 exploitx_transferred