7.3 CVE-2025-9154
Exploit
A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
https://nvd.nist.gov/vuln/detail/CVE-2025-9154
Categories
CWE-74
References
134c704f-9b21-4f2e-91b3-4a467353bcc0 Exploit
| https://github.com/HjsCS/CVE/issues/3 Exploit Issue Tracking |
cna@vuldb.com Exploit
| https://github.com/HjsCS/CVE/issues/3 Exploit Issue Tracking |
| https://itsourcecode.com/ Product |
| https://vuldb.com/?ctiid.320534 Permissions Required VDB Entry |
| https://vuldb.com/?id.320534 Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.630201 Third Party Advisory VDB Entry |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:mayurik:online_tour_&_travel_management_system:1.0:*:*:*:*:*:*:* | ||
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| https://github.com/HjsCS/CVE/issues/3 |
| https://github.com/HjsCS/CVE/issues/3 |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
