Online Tours & Travels Management System is an online travel management system from Mayuri K. An SQL injection vulnerability exists in Online Tours & Travels Management System v1.0, which stems from a lack of validation of external input SQL statements in the id parameter of its /admin/update_currency.php component. An attacker could exploit the vulnerability to obtain sensitive database information.