Tourism Management System

tourism_management_system

Vendor: Phpgurukul • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-13247 1Phpgurukul 1Tourism Management System Apr 29, 2026 Nov 16, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injec...Show more A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.Show less
CVE-2024-41333 1Phpgurukul 1Tourism Management System Mar 13, 2025 Aug 6, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the una...Show more A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter.Show less
CVE-2024-32256 1Phpgurukul 1Tourism Management System Apr 2, 2025 Apr 16, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are...Show more Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.Show less
CVE-2024-32254 1Phpgurukul 1Tourism Management System Apr 2, 2025 Apr 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are upl...Show more Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image.Show less
CVE-2024-1822 1Phpgurukul 1Tourism Management System Dec 6, 2024 Feb 23, 2024 N/A· v4 6.1 MEDIUM· v3 3.3 LOW· v2 A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cro...Show more A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability.Show less
CVE-2022-30930 1Phpgurukul 1Tourism Management System Nov 21, 2024 Jun 14, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).
CVE-2020-28136 1Phpgurukul 1Tourism Management System Nov 21, 2024 Nov 17, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.