exploitDog

CVE-2025-45010

Опубликовано: 30 апр. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters.

Ссылки

https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/Park-Ticketing-Management-System-Project/normal-bwdates-reports-details-html-injection.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:park_ticketing_management_system:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00123

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-f27c-q8cq-2ffp

CVSS3: 5.3

github

9 месяцев назад

A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters.

EPSS

Процентиль: 32%

0.00123

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-77