Online Tours And Travels Management System is an online tour management system. v1.0 of Online Tours And Travels Management System is vulnerable to SQL injection, which originates from /admin/operations/tax. The tname parameter in php lacks validation for external input SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.