CVE-2025-13544

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ashraf-kabir travel-agency versions prior to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3

Description A flaw exists in ashraf-kabir travel-agency. The issue involves unrestricted upload capabilities due to manipulation of an unknown function within the /customer register.php file. This allows for remote execution of the attack. The exploit is publicly available. The vendor was notified but did not respond. The product uses a rolling release model, so specific version details for fixes are unavailable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2025-13544

Affected Products

Ashraf-Kabir Travel-Agency

CVE-2025-13544

Weakness Enumeration

Related Identifiers

Affected Products

References · 12