CVE-2025-55444

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Online Artwork and Fine Arts MCA Project version 1.0

Description: A SQL injection vulnerability exists in the id2 parameter of the cancel booking.php page. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution.

Recommendations: Apply input validation and sanitization to the id2 parameter in the cancel booking.php page to prevent the injection of malicious SQL queries.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-20

Related Identifiers

CVE-2025-55444

GHSA-R4MF-MR9H-F27M

Affected Products

Online Artwork/Fine Arts Mca Project

CVE-2025-55444

Weakness Enumeration

Related Identifiers

Affected Products

References · 9