PT-2025-47307 · Sourcecodester · Train Station Ticketing System
Yuki77 · Published 2025-11-18 · Updated 2025-11-18
CVE-2025-13347
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Train Station Ticketing System version 1.0
Description
A flaw exists in SourceCodester Train Station Ticketing System. The issue affects unknown code within the /ajax.php?action=save user file. Manipulation of the Username argument can lead to SQL injection. The attack can be launched remotely. An exploit has been published.
Recommendations
Apply any available updates to address the issue. As a temporary workaround, restrict or carefully validate the Username input to the /ajax.php?action=save user endpoint.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Train Station Ticketing System