Online Tours & Travels Management System is an online travel management system developed by Mayuri K. A SQL injection vulnerability exists in Online Tours & Travels Management System v1.0, which originates from /admin/update The id parameter of _traveller.php lacks validation for external input SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal database data.