| Título | travel-agency web 1 SQL Injection Vulnerability |
|---|
| Descripción | Travel Agency v.1.0 is vulnerable to an SQL Injection vulnerability. The code directly concatenates the user-controllable variable $get_id (retrieved from $_GET['edit_pack']) into the SQL statement without any filtering or preprocessing, allowing attackers to construct injection payloads via the edit_pack parameter. |
|---|
| Fuente | ⚠️ https://github.com/www223-ai/CVE/blob/main/travel-sql.docx |
|---|
| Usuario | www234 (UID 92385) |
|---|
| Sumisión | 2025-11-07 14:52 (hace 5 meses) |
|---|
| Moderación | 2025-11-22 15:55 (15 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 333312 [ashraf-kabir travel-agency hasta 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 /admin_area/index.php edit_pack inyección SQL] |
|---|
| Puntos | 19 |
|---|