SQL Injection Vulnerability in itsourcecode Online Tours and Travels Management System
CVE-2024-48411

Currently unrated

Key Information:

Vendor: itsourcecode
Status: Online Tours \& Travels Management System
Vendor: CVE Published:; 15 October 2024

🔔 Create itsourcecode Vulnerability Alert

What is CVE-2024-48411?

The itsourcecode Online Tours and Travels Management System version 1.0 is susceptible to SQL Injection, which can be exploited through a specially crafted payload targeting the 'val-email' parameter found in the 'forget_password.php' file. This flaw allows attackers to execute arbitrary SQL queries, potentially compromising the underlying database security, leading to unauthorized access and manipulation of sensitive user data.

References

https://github.com/Comitora/CVEs/blob/main/CVE-2024-48411

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2024

JSON