78 matches found
CVE-2024-41333
A reflected cross-site scripting XSS vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter...
CVE-2025-13247
CVE-2025-13247 affects PHPGurukul Tourism Management System 1.0. The vulnerability is an SQL injection in an unknown function of the file /admin/user-bookings.php, caused by manipulation of the uid argument. It can be exploited remotely, and an exploit has been publicly released. Remediation guid...
EUVD-2020-20622
Malware in sbrugna...
EUVD-2024-39012
Malicious code in bioql PyPI...
EUVD-2025-1747
Malicious code in bioql PyPI...
EUVD-2025-27595
Malicious code in bioql PyPI...
Tourism Management System 2.0 - Arbitrary Shell Upload
Exploit Title: Tourism Management System 2.0 - Arbitrary Shell Upload Date: 2025-10-09 Exploit Author: Debug Security Vendor Homepage: https://kodcloud.com/ Software Link: https://github.com/sohamjuhin/Tourism-Management-System Version: v2.0 Tested on: Windows 11, PHP 8.2.4, Apache 2.4.56 CVE:...
CVE-2025-57642
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality...
CVE-2025-57642
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality...
CVE-2025-57642
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality...
PT-2025-37078
Name of the Vulnerable Software and Affected Versions: Tourism Management System version 2.0 Description: A shell upload issue exists in Tourism Management System 2.0, allowing an attacker to upload and execute arbitrary PHP shell scripts on the server. Successful exploitation can lead to remote...
CVE-2025-57642
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality...
Tourism-Management-System 安全漏洞
Tourism-Management-System is a visitor management system from the individual developers of SOHAM DAS. A security vulnerability exists in Tourism-Management-System version 2.0 that originates from a shell upload and could lead to remote code execution...
CVE-2025-57642
CVE-2025-57642 affects Tourism Management System 2.0 with a shell-upload vulnerability that allows uploading and executing PHP shells, enabling remote code execution and unauthorized access. CVSS v3.1 metrics indicate Network access, Low attack complexity, Privileges required: High, with Confiden...
CVE-2025-0538
A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting. It is possible to launch the attack...
CVE-2024-32256
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image...
CVE-2024-32254
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image...
CVE-2022-30930
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery CSRF...
CVE-2025-4890
A vulnerability was found in code-projects Tourism Management System 1.0 and classified as critical. This issue affects the function LoginUser of the component Login User. The manipulation of the argument username/password leads to stack-based buffer overflow. Attacking locally is a requirement...
CVE-2025-4889
A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to buffer overflow. Local access is required to...