6.3 CVE-2025-9153
Exploit
A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used.
https://nvd.nist.gov/vuln/detail/CVE-2025-9153
Categories
CWE-284
References
134c704f-9b21-4f2e-91b3-4a467353bcc0 Exploit
| Url | Tags |
|---|---|
| https://github.com/HjsCS/CVE/issues/4 | Exploit, Issue Tracking |

cna@vuldb.com Exploit
| Url | Tags |
|---|---|
| https://github.com/HjsCS/CVE/issues/4 | Exploit, Issue Tracking |
| https://itsourcecode.com/ | Product |
| https://vuldb.com/?ctiid.320533 | Permissions Required, VDB Entry |
| https://vuldb.com/?id.320533 | Third Party Advisory, VDB Entry |
| https://vuldb.com/?submit.630200 | Third Party Advisory, VDB Entry |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | | |
| cpe:2.3:a:mayurik:online_tour_&_travel_management_system:1.0:*:*:*:*:*:*:* | | |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date |
|---|---|---|
| No known exploits | | |
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| https://github.com/HjsCS/CVE/issues/4 |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | | |
