3 matches found
CVE-2012-2939
CVE-2012-2939 : Travelon Express 6.2.2 contains multiple unrestricted file upload vulnerabilities. Remote authenticated users can execute arbitrary code by uploading a file with an executable extension through one of three endpoints: airline-edit.php, hotel-image-add.php, or hotel-add.php. The ro...
CVE-2012-4281
CVE-2012-4281 affects Travelon Express 6.2.2, which has multiple SQL injection vulnerabilities allowing remote attackers to execute arbitrary SQL via: wit hhid parameter to holiday.php or holiday_book.php, id parameter to pages.php, fid parameter to admin/airline-edit.php, or cid parameter to adm...
CVE-2012-2938
CVE-2012-2938 describes multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2. The flaws allow remote attackers to inject arbitrary web script or HTML via the holiday name field in both holiday_add.php and holiday_view.php. The root cause is unvalidated input in the affect...