A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
History

Tue, 02 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Mayurik
Mayurik online Tour \& Travel Management System
CPEs cpe:2.3:a:mayurik:online_tour_\&_travel_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Mayurik
Mayurik online Tour \& Travel Management System

Tue, 26 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 Aug 2025 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Itsourcecode
Itsourcecode online Tour And Travel Management System
Vendors & Products Itsourcecode
Itsourcecode online Tour And Travel Management System

Mon, 25 Aug 2025 23:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
Title itsourcecode Online Tour and Travel Management System enquiry.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-26T14:22:34.897Z

Reserved: 2025-08-25T09:26:50.777Z

Link: CVE-2025-9425

cve-icon Vulnrichment

Updated: 2025-08-26T14:22:19.072Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-25T23:15:33.213

Modified: 2025-09-02T18:12:57.737

Link: CVE-2025-9425

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-26T07:06:50Z