CVE-2025-45019 — SQL Injection in Park Ticketing Management System

CWE-89 — SQL Injection CWE-667 — Improper Locking4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 44.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Park Ticketing Management System

Timeline

PublishedApr 30

Description

A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDphpgurukul/park_ticketing_management_system2.0

🔴Vulnerability Details

GHSA

GHSA-m9f8-pw74-6fjf: A SQL injection vulnerability was discovered in /add-foreigners-ticket↗2025-04-30

▶

CVEList

CVE-2025-45019: A SQL injection vulnerability was discovered in /add-foreigners-ticket↗2025-04-30

▶

📋Vendor Advisories

Microsoft

net/mlx5e: Take state lock during tx timeout reporter↗2024-09-10

▶