SQL Injection Vulnerability in Cinema Seat Reservation System by Code Projects
CVE-2025-0340

6.9MEDIUM

Key Information:

Vendor
Code-projects
Status
Cinema Seat Reservation System
Vendor
CVE Published:
9 January 2025

Summary

A security vulnerability has been identified in the Cinema Seat Reservation System developed by Code Projects. This issue arises from insufficient input validation in the /admin/deleteBooking.php file, particularly concerning the id parameter. Attackers can exploit this flaw remotely to execute unauthorized SQL queries, potentially compromising sensitive data and user information. Public disclosure of the exploit has raised concerns about its potential misuse in real-world attacks against affected installations.

Affected Version(s)

Cinema Seat Reservation System 1.0

References

https://vuldb.com/?id.290827
vdb-entrytechnical-description
https://vuldb.com/?ctiid.290827
signaturepermissions-required
https://vuldb.com/?submit.476707
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.