ashraf-kabir travel-agency index.php sql injection_CVE-2025-13545

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /admin_area/index.php. The manipulation of the argument edit_pack leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-13545

Source VulDB

Published Nov 23, 2025 at 10:02

Affected Product

Vendor ashraf-kabir

Product travel-agency

Version 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3

Affected Versions ashraf-kabir travel-agency 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /admin_area/index.php. The manipulation of the argument edit_pack leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-11-23T10:02:05.173Z",
    "modified": "2025-11-23T10:02:05.173Z",
    "type": "cve",
    "title": "ashraf-kabir travel-agency index.php sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.333312\nhttps://vuldb.com/?ctiid.333312\nhttps://vuldb.com/?submit.690978\nhttps://github.com/www223-ai/CVE/blob/main/travel-sql.docx",
    "id": "CVE-2025-13545",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "ashraf-kabir travel-agency 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "travel-agency",
    "version": "1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3",
    "vendor": "ashraf-kabir",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}