Online Travel Agency System is an online travel agency system. A SQL injection vulnerability exists in Online Travel Agency System v1.0, which originates from a lack of validation of the article_edit.php parameter page_id against an externally-entered SQL statement. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive database data.