CVE-2025-9155

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forget_password.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/HjsCS/CVE/issues/2 Exploit Issue Tracking
https://itsourcecode.com/ Product
https://vuldb.com/?ctiid.320535 Permissions Required VDB Entry
https://vuldb.com/?id.320535 Third Party Advisory VDB Entry
https://vuldb.com/?submit.630202 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:online_tour_\&_travel_management_system:1.0:*:*:*:*:*:*:*

History

21 Aug 2025, 18:40

Type Values Removed Values Added
First Time Mayurik
Mayurik online Tour \& Travel Management System
References () https://github.com/HjsCS/CVE/issues/2 - () https://github.com/HjsCS/CVE/issues/2 - Exploit, Issue Tracking
References () https://itsourcecode.com/ - () https://itsourcecode.com/ - Product
References () https://vuldb.com/?ctiid.320535 - () https://vuldb.com/?ctiid.320535 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.320535 - () https://vuldb.com/?id.320535 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.630202 - () https://vuldb.com/?submit.630202 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:mayurik:online_tour_\&_travel_management_system:1.0:*:*:*:*:*:*:*

20 Aug 2025, 14:40

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en itsourcecode Online Tour and Travel Management System 1.0. La vulnerabilidad se ve afectada por una función desconocida del archivo /user/forget_password.php. Esta manipulación del argumento "email" provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.

19 Aug 2025, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-19 20:15

Updated : 2025-08-21 18:40


NVD link : CVE-2025-9155

Mitre link : CVE-2025-9155

CVE.ORG link : CVE-2025-9155


JSON object : View

Products Affected

mayurik

  • online_tour_\&_travel_management_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')