CVE-2025-8983

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expensefor leads to sql injection. The attack may be initiated remotely. The exploit...

CVE-2025-8983 itsourcecode Online Tour and Travel Management System expense.php sql injection

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expensefor leads to sql injection. The attack may be initiated remotely. The exploit...

itsourcecode Online Tour and Travel Management 注入漏洞

itsourcecode Online Tour and Travel Management is itsourcecode open source an online tour and travel management system . An injection vulnerability exists in itsourcecode Online Tour and Travel Management version 1.0, which originates from a SQL injection due to incorrect manipulation of the...

PT-2025-33414 · Itsourcecode · Itsourcecode Online Tour/Travel Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A SQL injection issue exists due to the improper processing of the file /admin/operations/expense.php. Manipulation of the expense for argument can lead to...

CVE-2024-25210

Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/deleteexpense.php...

CVE-2024-25210

Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/deleteexpense.php...

CVE-2024-25210

Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/deleteexpense.php...

PT-2024-20820 · Unknown · Simple Expense Tracker

Name of the Vulnerable Software and Affected Versions: Simple Expense Tracker version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the expense parameter at the "/endpoint/delete expense.php" API endpoint. Recommendations: For Simp...

CVE-2023-39707

A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...

CVE-2023-39707

A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...

CVE-2023-39707

A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...

Cross site scripting

A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...

CVE-2023-39707

A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...

Daily Expense Tracker System Cross-Site Scripting Vulnerability (CNVD-2025-31005)

Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a cross-site scripting vulnerability that originates from the add-expense.php Item parameter. No details of the vulnerability are available at this time...