MEDIUM🇬🇧 English

CVE-2025-9925

CVSS 5.5v4.0pub. 2025-09-03upd. 2026-04-29

A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Projectworlds Travel Management System

    APP
    Projectworlds
    1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2024-51327CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Travel Management System — ominięcie uwierzytelniania

CVE-2020-24203CRITICAL9.8ten sam produkt

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Pro...

CVE-2024-51326HIGH7.5ten sam produkt

SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execut...

CVE-2025-9924MEDIUM5.5ten sam produkt

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unkno...

CVE-2025-9926MEDIUM5.5ten sam produkt

A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function ...