Filtered by vendor Phpgurukul Subscriptions
Filtered by product Tourism Management System Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-1822 1 Phpgurukul 1 Tourism Management System 2024-12-06 2.4 Low
A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability.
CVE-2024-32254 1 Phpgurukul 1 Tourism Management System 2024-11-21 8.8 High
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image.
CVE-2022-30930 1 Phpgurukul 1 Tourism Management System 2024-11-21 4.3 Medium
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).
CVE-2020-28136 1 Phpgurukul 1 Tourism Management System 2024-11-21 8.8 High
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.
CVE-2024-41333 1 Phpgurukul 1 Tourism Management System 2024-08-08 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter.