| Название | travel-agency web 1 SQL Injection Vulnerability |
|---|
| Описание | Travel Agency v.1.0 is vulnerable to an SQL Injection vulnerability. The code directly concatenates the user-controllable variable $get_id (retrieved from $_GET['edit_pack']) into the SQL statement without any filtering or preprocessing, allowing attackers to construct injection payloads via the edit_pack parameter. |
|---|
| Источник | ⚠️ https://github.com/www223-ai/CVE/blob/main/travel-sql.docx |
|---|
| Пользователь | www234 (UID 92385) |
|---|
| Представление | 07.11.2025 14:52 (5 месяцы назад) |
|---|
| Модерация | 22.11.2025 15:55 (15 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 333312 [ashraf-kabir travel-agency до 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 /admin_area/index.php edit_pack SQL-инъекция] |
|---|
| Баллы | 19 |
|---|