CVE-2025-0229

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 5, 2025
Updated: Jan 10, 2025
CWE ID 74
CWE ID 89

Summary

CVE-2025-0229 is a critical vulnerability affecting the Travel Management System 1.0. An attacker can exploit this issue by manipulating the argument pid/t1/t2/t3/t4/t5/t6/t7 in the file /enquiry.php. This leads to SQL injection, allowing the attacker to execute unauthorized queries and potentially gain unauthorized access to sensitive information. The vulnerability can be exploited remotely, meaning an attacker does not need to have physical access to the system to launch an attack. The exploit for this vulnerability has been disclosed to the public, increasing the risk of widespread exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • TRAVEL MANAGEMENT SYSTEM

Affected Vendors

  • Code Projects