SQL Injection Vulnerability in itsourcecode Online Tours and Travels Management System
CVE-2024-48411

Currently unrated

Key Information:

Vendor
CVE Published:
15 October 2024

What is CVE-2024-48411?

The itsourcecode Online Tours and Travels Management System version 1.0 is susceptible to SQL Injection, which can be exploited through a specially crafted payload targeting the 'val-email' parameter found in the 'forget_password.php' file. This flaw allows attackers to execute arbitrary SQL queries, potentially compromising the underlying database security, leading to unauthorized access and manipulation of sensitive user data.

References

Timeline

  • Vulnerability published

.