itsourcecode Online Tour and Travel Management System
0 remedies
cpe:2.3:a:online_tours_and_travels_management_system_project:online_tours_and_travels_management_system:*:*:*:*:*:*:*
0 remedies
- 1.0
Itsourcecode Online Tour and Travel Management System SQL Injection Vulnerability in Enquiry.php
Vulnerability
A critical SQL injection vulnerability has been identified in the Online Tour and Travel Management System version 1.0, specifically within the enquiry.php file. The issue arises from inadequate validation of user input in the 'pid' parameter, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, without any authentication, potentially leading to unauthorized database access, data modification or deletion, and exposure of sensitive information.
Impact
Exploitation of this vulnerability allows for SQL injection, with potential impacts including unauthorized database access, data manipulation, and access to sensitive information.
Reproduction
The vulnerability can be reproduced by sending a crafted request to the enquiry.php file with a manipulated 'pid' parameter. This can be done using a variety of SQL injection techniques, such as boolean-based blind, error-based, time-based blind, or UNION query injections. Tools like sqlmap can automate this process.
Remediation
No specific remediation measures are known for this vulnerability.
Added: Aug 25, 2025, 11:18 PM
Updated: Aug 25, 2025, 11:18 PM
Vulnerability Rating
Custom Algorithm
spread
0.3impact
7.5exploitability
9.1remediation
0.0relevance
0.4threat
6.4urgency
2.9incentive
10.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.