SQL Injection Vulnerability in Online Bus Reservation System by Code-Projects
CVE-2025-4243
Key Information:
- Vendor
Code-projects
- Vendor
- CVE Published:
- 3 May 2025
Badges
What is CVE-2025-4243?
A vulnerability exists in the Online Bus Reservation System 1.0, specifically in the file /print.php, where improper handling of the ID parameter can lead to SQL injection. This vulnerability allows an attacker to manipulate database queries remotely, potentially compromising the security of the application and its data. The flaw has been publicly disclosed, making it crucial for users to implement safeguards to prevent exploitation.
Affected Version(s)
Online Bus Reservation System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved