CVE-2025-4244 MEDIUM

CVE-2025-4244: code-projects Online Bus Reservation System seatlocation.php sql injection

Vendor Code-Projects
Product Online Bus Reservation System
Weakness CWE-89 · SQLi
Published May 3, 2025
Last update May 5, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as critical, was found in code-projects Online Bus Reservation System 1.0. This affects an unknown part of the file /seatlocation.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

May 3, 2025 CVE published
May 5, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-54058 WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarEndereco.php Endpoint CVE-2025-4226 PHPGurukul/Campcodes Cyber Cafe Management System add-computer.php sql injection CVE-2026-0565 code-projects Content Management System delete.php sql injection CVE-2025-9012 PHPGurukul Online Shopping Portal Project bill-ship-addresses.php sql injection CVE-2020-37151 phpMyChat Plus 1.98 'deluser.php' SQL Injection