7.3 CVE-2025-9155
Exploit
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. It affects an unknown function of the file /user/forget_password.php. Manipulation of the argument email leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
https://nvd.nist.gov/vuln/detail/CVE-2025-9155
Categories
CWE-74
References
cna@vuldb.com Exploit
| https://github.com/HjsCS/CVE/issues/2 Exploit Issue Tracking |
| https://itsourcecode.com/ Product |
| https://vuldb.com/?ctiid.320535 Permissions Required VDB Entry |
| https://vuldb.com/?id.320535 Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.630202 Third Party Advisory VDB Entry |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | | |
| cpe:2.3:a:mayurik:online_tour_&_travel_management_system:1.0:*:*:*:*:*:*:* | | |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | | | |
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| https://github.com/HjsCS/CVE/issues/2 |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | | |
