CVE-2025-0340
Published: 09 January 2025
Description
A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/deleteBooking.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-0340 is a critical SQL injection vulnerability in code-projects Cinema Seat Reservation System 1.0. The issue resides in an unknown functionality of the file /admin/deleteBooking.php, where manipulation of the "id" argument triggers the injection. Published on 2025-01-09, it has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is linked to CWE-74 and CWE-89.
The vulnerability enables remote exploitation by unauthenticated attackers requiring low attack complexity and no user interaction. Exploitation can result in low-level impacts to confidentiality, integrity, and availability. An exploit has been publicly disclosed and may be actively used.
Advisories and details are available via VulDB at https://vuldb.com/?ctiid.290827, https://vuldb.com/?id.290827, and https://vuldb.com/?submit.476707, as well as the project site at https://code-projects.org/. No specific patch or mitigation guidance is outlined in the initial disclosure.
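Since the disclosure gives no mitigation guidance, one interim detection is to review web access logs for requests to the affected file whose id is not a single plain integer. The following is an added example, not code from the advisory or the project; it assumes Apache/nginx combined log format, that id arrives in the query string, and that legitimate booking ids are decimal integers. Log lines and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter name are taken from the advisory; the rest is assumed.
TARGET_PATH = "/admin/deleteBooking.php"
PARAM = "id"

# Combined log format: ip ident user [timestamp] "METHOD URI PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2025:10:00:01 +0000] "GET /admin/deleteBooking.php?id=42 HTTP/1.1" 302 0',
    '198.51.100.7 - - [09/Jan/2025:10:00:05 +0000] "GET /admin/deleteBooking.php?id=42%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [09/Jan/2025:10:00:09 +0000] "GET /admin/deleteBooking.php?id=1&id=2 HTTP/1.1" 302 0',
    '192.0.2.10 - - [09/Jan/2025:10:00:12 +0000] "GET /admin/index.php?id=abc HTTP/1.1" 200 512',
    '192.0.2.10 - - [09/Jan/2025:10:00:15 +0000] "POST /admin/deleteBooking.php HTTP/1.1" 302 0',
]


def suspicious_requests(lines):
    """Return (ip, timestamp, status, decoded id values) for requests to
    TARGET_PATH whose id is repeated or is not a plain decimal integer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        parts = urlsplit(m["uri"])
        if parts.path.lower() != TARGET_PATH.lower():
            continue
        # parse_qs percent-decodes values, so encoded characters are visible.
        values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
        if not values:
            continue  # id not in the URL (e.g. POST body): nothing to inspect
        if len(values) != 1 or not re.fullmatch(r"[0-9]{1,10}", values[0]):
            hits.append((m["ip"], m["ts"], m["status"], values))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs do not record POST bodies, so if the application submits id by POST this check needs a WAF or application-level log as its input instead.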
Details
- CWE(s)