GCVE - cpe:2.3:a:itechscripts:travelon_express:6.2.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:itechscripts:travelon_express:6.2.2:*:*:*:*:*:*:*

part: a version: 6.2.2 update: *

Vendor	Itechscripts (`6fc7c215-774e-59c5-98ec-bf882413f47f`)
Product	Travelon Express (`862fb922-ef09-553e-9137-cf22cc51307b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-4281`	vulnerable	2026-06-03 14:32:18.336289	Details available Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php. Published: 2012-08-13T22:00:00.000Z Updated: 2024-08-06T20:35:08.218Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53500 http://www.osvdb.org/81886 http://secunia.com/advisories/49118 http://www.osvdb.org/81884 https://exchange.xforce.ibmcloud.com/vulnerabilities/75540	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2939`	vulnerable	2026-06-03 14:31:55.889278	Details available Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php. Published: 2012-05-27T20:00:00.000Z Updated: 2024-08-06T19:50:05.307Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53500 https://exchange.xforce.ibmcloud.com/vulnerabilities/75542 http://www.osvdb.org/81889 http://iel-sayed.blogspot.com/2012/05/travelon-express-cms-v622-multiple-web.html http://www.vulnerability-lab.com/get_content.php?id=530	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2938`	vulnerable	2026-06-03 14:31:55.888855	Details available Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php. Published: 2012-05-27T20:00:00.000Z Updated: 2024-08-06T19:50:05.079Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53500 https://exchange.xforce.ibmcloud.com/vulnerabilities/75541 http://www.vulnerability-lab.com/get_content.php?id=530 http://osvdb.org/81888 http://www.exploit-db.com/exploits/18871	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Travelon Express

PURL mappings

Vulnerability references

Contribute