CVE-2025-4065

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://vuldb.com/?ctiid.306502 Permissions Required VDB Entry
https://vuldb.com/?id.306502 Third Party Advisory VDB Entry
https://vuldb.com/?submit.559478 Third Party Advisory VDB Entry
https://www.websecurityinsights.my.id/2025/04/script-and-tools-online-travling-system_16.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:scriptandtools:online_traveling_system:1.0:*:*:*:*:*:*:*

History

12 May 2025, 19:35

Type Values Removed Values Added
CWE NVD-CWE-Other
First Time Scriptandtools
Scriptandtools online Traveling System
References () https://vuldb.com/?ctiid.306502 - () https://vuldb.com/?ctiid.306502 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.306502 - () https://vuldb.com/?id.306502 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.559478 - () https://vuldb.com/?submit.559478 - Third Party Advisory, VDB Entry
References () https://www.websecurityinsights.my.id/2025/04/script-and-tools-online-travling-system_16.html - () https://www.websecurityinsights.my.id/2025/04/script-and-tools-online-travling-system_16.html - Third Party Advisory
CPE cpe:2.3:a:scriptandtools:online_traveling_system:1.0:*:*:*:*:*:*:*

02 May 2025, 13:53

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en ScriptAndTools Online-Travling-System 1.0. Se ha declarado crítica. Esta vulnerabilidad afecta al código desconocido del archivo /admin/addadvertisement.php. La manipulación genera controles de acceso inadecuados. El ataque puede iniciarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.

29 Apr 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-29 15:15

Updated : 2025-05-12 19:35


NVD link : CVE-2025-4065

Mitre link : CVE-2025-4065

CVE.ORG link : CVE-2025-4065


JSON object : View

Products Affected

scriptandtools

  • online_traveling_system
CWE
CWE-266

Incorrect Privilege Assignment

CWE-284

Improper Access Control

NVD-CWE-Other