HjsCS/CVE

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-9155 ↗	Aug 19, 2025Tuesday, 19 August 2025, 20:15	7.3 HIGH	7.5 HIGH
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forget_password.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-9153 ↗	Aug 19, 2025Tuesday, 19 August 2025, 19:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used.
CVE-2025-9154 ↗	Aug 19, 2025Tuesday, 19 August 2025, 19:15	7.3 HIGH	7.5 HIGH
A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.