SQL Injection Vulnerability in Travel Management System by Code-Projects
CVE-2025-0229
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 5 January 2025
Badges
What is CVE-2025-0229?
A SQL injection vulnerability exists in the Travel Management System version 1.0, affecting the processing of the file /enquiry.php. This issue allows an attacker to manipulate various arguments (pid/t1/t2/t3/t4/t5/t6/t7) to execute unauthorized SQL commands. As a result, the attack can be initiated remotely, posing a significant security risk. The vulnerability has been publicly disclosed and may be actively exploited by malicious actors.
Affected Version(s)
Travel Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved