A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited.
History

Tue, 02 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Mayurik
Mayurik online Tour \& Travel Management System
CPEs cpe:2.3:a:mayurik:online_tour_\&_travel_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Mayurik
Mayurik online Tour \& Travel Management System

Tue, 26 Aug 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 26 Aug 2025 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Itsourcecode
Itsourcecode online Tour And Travel Management System
Vendors & Products Itsourcecode
Itsourcecode online Tour And Travel Management System

Mon, 25 Aug 2025 23:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited.
Title itsourcecode Online Tour and Travel Management System package.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-26T20:21:02.956Z

Reserved: 2025-08-25T09:26:53.000Z

Link: CVE-2025-9426

cve-icon Vulnrichment

Updated: 2025-08-26T20:20:40.172Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-25T23:15:33.543

Modified: 2025-09-02T18:13:15.540

Link: CVE-2025-9426

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-26T07:06:50Z