MEDIUM🇵🇱 Wersja polska

CVE-2025-9924

CVSS 5.5v4.0pub. 2025-09-03upd. 2026-04-29

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /enquiry.php. The manipulation of the argument t2 leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Projectworlds Travel Management System

    APP
    Projectworlds
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-51327CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Travel Management System — ominięcie uwierzytelniania

CVE-2020-24203CRITICAL9.8ten sam produkt

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Pro...

CVE-2024-51326HIGH7.5ten sam produkt

SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execut...

CVE-2025-9925MEDIUM5.5ten sam produkt

A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown proce...

CVE-2025-9926MEDIUM5.5ten sam produkt

A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function ...