Expedia Clone
Monthly
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.