CVE-2025-45011

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Apr 30, 2025
Updated: May 9, 2025
CWE ID 77

Summary

CVE-2025-45011 is a newly discovered HTML Injection vulnerability affecting the PHPGurukul Park Ticketing Management System version 2.0. The vulnerability lies in the foreigner-search.php file and enables remote attackers to inject and execute arbitrary code by manipulating the searchdata POST request parameter. Successful exploitation could lead to unauthorized access or data theft, posing a significant security risk for organizations utilizing this software. It is strongly recommended that users upgrade to the latest version or apply the relevant patches to mitigate this vulnerability.
