SQL Injection Vulnerability in itsourcecode Online Tours and Travels Management System
CVE-2024-48411
Currently unrated
What is CVE-2024-48411?
The itsourcecode Online Tours and Travels Management System version 1.0 is susceptible to SQL Injection, which can be exploited through a specially crafted payload targeting the 'val-email' parameter found in the 'forget_password.php' file. This flaw allows attackers to execute arbitrary SQL queries, potentially compromising the underlying database security, leading to unauthorized access and manipulation of sensitive user data.