PT-2025-47837 · Unknown · Ashraf-Kabir Travel-Agency
Www234
·
Published
2025-11-23
·
Updated
2025-12-04
·
CVE-2025-13545
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ashraf-kabir travel-agency versions prior to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3
Description
A security issue exists in ashraf-kabir travel-agency. The manipulation of the
edit pack argument in the /admin area/index.php file leads to SQL injection. This attack can be initiated remotely. The exploit has been publicly disclosed. Continuous delivery with rolling releases is used, and the vendor did not respond to early disclosure attempts.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ashraf-Kabir Travel-Agency