PT-2025-47302 · Sourcecodester · Train Station Ticketing System
Yuki77
·
Published
2025-11-18
·
Updated
2025-11-18
·
CVE-2025-13344
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Train Station Ticketing System version 1.0
Description
A SQL injection weakness exists in the Train Station Ticketing System. This issue is related to the manipulation of the
Username argument within the login functionality, specifically through the file '/ajax.php?action=login'. The attack can be initiated remotely, and an exploit has been publicly released.Recommendations
Apply any available updates to address this vulnerability. As a temporary workaround, consider restricting access to the
/ajax.php?action=login endpoint. Sanitize the Username input to prevent SQL injection attacks.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Train Station Ticketing System