Itechscripts Travelon Express vulnerabilities
3 known vulnerabilities affecting itechscripts/travelon_express.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2012-4281P3HIGHCVSS 7.5PoCv6.2.22012-08-13
CVE-2012-4281 [HIGH] CWE-89 CVE-2012-4281: Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute a
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.
nvd
CVE-2012-2939P3MEDIUMCVSS 6.5PoCv6.2.22012-05-27
CVE-2012-2939 [MEDIUM] CVE-2012-2939: Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticat
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
nvd
CVE-2012-2938P4MEDIUMCVSS 4.3PoCv6.2.22012-05-27
CVE-2012-2938 [MEDIUM] CWE-79 CVE-2012-2938: Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers
Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.
nvd