CVE-2023-0560 MEDIUM

CVE-2023-0560: SourceCodester Online Tours & Travels Management System practice_pdf.php sql injection

Vendor Sourcecodester
Product Online Tours & Travels Management System
Weakness CWE-89 · SQLi
Published January 28, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219701 was assigned to this vulnerability.

Key dates

02Disclosure timeline

January 28, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-9771 SourceCodester Eye Clinic Management System search_index_Diagnosis.php sql injection CVE-2018-25394 Kados R10 GreenBee SQL Injection via update_release.php CVE-2026-3487 itsourcecode College Management System class-result.php sql injection CVE-2026-10237 SourceCodester Water Billing Management System User Management manage_user sql injection CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin