Online Tours & Travels Management System is an online travel management system from the personal developer Mayuri K. A SQL injection vulnerability exists in Online Tours & Travels Management System v1.0, which stems from a missing validation of externally entered SQL statements in the id parameter of the /tour/admin/update_tax.php file. An attacker could use the vulnerability to obtain sensitive database information.