ADVISORY

Product:- GoFox free Travel tool Sql Injection Vulnerability

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
Gofox free travel tool


DESCRIPTION:
The Vulnerability can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "pid" parameter in "traveltools.php" isn't properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.


SOLUTION:
Awaiting response from the vendor

Original Advisory: Here at http://axcesdenied.blogspot.com

Credit: $um$id
Aka
Access Denied