ISIC is a web backend for asith-eranga individual developers. asith-eranga ISIC tour booking 2018.02.13 and earlier versions are vulnerable to arbitrary file uploads. The vulnerability stems from a lack of valid validation of uploaded files. An attacker could exploit the vulnerability to upload malicious files to remotely execute arbitrary code.