SQL Injection Vulnerability in Codeastro Bus Ticket Booking System
CVE-2025-25775
Currently unrated
What is CVE-2025-25775?
The Codeastro Bus Ticket Booking System version 1.0 contains a SQL injection vulnerability that can be exploited through the 'kodetiket' parameter of the /BusTicket-CI/tiket/cekorder endpoint. This flaw allows an attacker to execute arbitrary SQL queries, potentially compromising the database's contents and integrity. Proper input validation and parameterized queries are crucial to mitigate the risks associated with this vulnerability.
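
The mitigation named above, as an added example that is not the application's own code: a ticket-code lookup written with string concatenation next to the same lookup with an allow-list check and a bound parameter. The table layout, the ticket-code format and all function names are assumptions made for illustration, and the sample rows and the quoted test value are constructed.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions,
    # not the application's real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (kodetiket TEXT PRIMARY KEY, passenger TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("TK0001", "alice"), ("TK0002", "bob")])
    return db

def lookup_concatenated(db, kodetiket):
    # Weak pattern: the request value becomes part of the SQL text, so a
    # quote character in it changes the structure of the statement.
    sql = ("SELECT kodetiket, passenger FROM orders "
           "WHERE kodetiket = '" + kodetiket + "'")
    return db.execute(sql).fetchall()

# Assumed ticket-code format used for the allow-list check.
TICKET_RE = re.compile(r"[A-Za-z0-9]{1,32}")

def lookup_parameterized(db, kodetiket, validate=True):
    # Input validation: reject anything outside the expected format.
    if validate and not TICKET_RE.fullmatch(kodetiket):
        return []
    # Parameterized query: the value is bound as data and never parsed as SQL.
    return db.execute(
        "SELECT kodetiket, passenger FROM orders WHERE kodetiket = ?",
        (kodetiket,),
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    quoted = "x' OR '1'='1"  # constructed value containing SQL metacharacters
    print("concatenated:", lookup_concatenated(db, quoted))
    print("parameterized:", lookup_parameterized(db, quoted))
    print("bound only:", lookup_parameterized(db, quoted, validate=False))
    print("valid code:", lookup_parameterized(db, "TK0001"))
```

Binding alone already keeps the value out of the SQL grammar; the format check is a second layer that rejects malformed codes before they reach the database.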