📦 Online Tour \& Travel Management System

CVE-2025-9425 is a SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 that allows remote attackers to execute arbitrary SQL commands via the pid parameter in /enq...

This CVE describes an SQL injection vulnerability in the Online Tour and Travel Management System 1.0. Attackers can exploit the email parameter in the forget_password.php file to execute arbitrary SQ...

CVE-2025-9154 is an SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 that allows remote attackers to execute arbitrary SQL commands via the email parameter in /...

This vulnerability allows remote attackers to execute SQL injection attacks against the Online Tour and Travel Management System 1.0. By manipulating the 'Name' parameter in the /admin/email_setup.php...

This SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 allows attackers to execute arbitrary SQL commands via the 'uname' parameter in /admin/sms_setting.php. At...

This SQL injection vulnerability in Online Tour and Travel Management System 1.0 allows attackers to manipulate database queries through the 'from_date' parameter in /admin/expense_report.php. Attacke...

This SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'expense_for' parameter in the /admin/op...

This SQL injection vulnerability in Online Tour and Travel Management System 1.0 allows attackers to manipulate database queries through the payment_type parameter in /admin/operations/payment.php. At...

This SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 allows attackers to manipulate database queries through the email parameter in the login page. Remote atta...

This SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 allows attackers to execute arbitrary SQL commands via the 'val-username' parameter in the /admin/operatio...

This SQL injection vulnerability in Online Tour and Travel Management System 1.0 allows attackers to manipulate database queries through the /admin/approve_user.php endpoint. Attackers can potentially...

This SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 allows attackers to execute arbitrary SQL commands via the 'tname' parameter in the /admin/operations/tax....

This vulnerability allows remote attackers to upload arbitrary files to the Online Tour and Travel Management System 1.0 via the photo parameter in /admin/operations/travellers.php. This can lead to s...