3 matches found
CVE-2022-40092
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/updatepayment.php...
CVE-2022-40092
Online Tours & Travels Management System v1.0 contains a SQL injection in the id parameter of /tour/admin/update_payment.php. The issue is a missing input validation in that endpoint, enabling an attacker to manipulate SQL queries and potentially access sensitive data. Documented CVSS v3.1 base s...
CVE-2022-40092
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/updatepayment.php...