Phpgurukul: >> Tourism Management System Security Vulnerabilities
A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-08-06
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-04-16
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-04-16
A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability.
CVSS Score
2.4
EPSS Score
0.001
Published
2024-02-23
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).
CVSS Score
4.3
EPSS Score
0.001
Published
2022-06-14
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.
CVSS Score
8.8
EPSS Score
0.025
Published
2020-11-17