CVE-2025-25776

Codeastro Bus Ticket Booking System v1.0 is affected by CVE-2025-25776: a Cross-Site Scripting (XSS) flaw in the User Registration and User Profile features caused by insufficient input validation on the Full Name and Address fields. Exploitation could allow arbitrary code execution in these fiel...

PT-2025-18036 · Unknown · Codeastro Membership Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0 Description: A critical vulnerability was found in the CodeAstro Membership Management System. This issue affects unknown code of the file "renew.php?id=6". The manipulation of the ID argumen...

CVE-2025-25775

Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder...

CVE-2025-25777

Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...

CodeAstro Bus Ticket Booking System SQL注入漏洞

CodeAstro Bus Ticket Booking System is a bus ticket booking system from CodeAstro. A security vulnerability exists in Codeastro Bus Ticket Booking System version 1.0, which originates from a SQL injection in the kodetiket parameter...

CVE-2025-25775

Codeastro Bus Ticket Booking System v1.0 is affected by a SQL injection in the /BusTicket-CI/tiket/cekorder endpoint via the kodetiket parameter. Root cause: unsafe handling of the parameter leading to SQL injection. Impact: per CVSS metrics, high for confidentiality, integrity, and availability ...

CVE-2025-25775

Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder...

CVE-2025-25775

Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder...

CVE-2025-25777

Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...

CVE-2025-25777

Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...

CVE-2025-25777

Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...

PT-2025-17857 · Unknown · Codeastro Bus Ticket Booking System

Name of the Vulnerable Software and Affected Versions: Codeastro Bus Ticket Booking System version 1.0 Description: Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can...

CVE-2025-25777

Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...

CVE-2025-25777

CVE-2025-25777 affects Codeastro Bus Ticket Booking System v1.0, where an insecure direct object reference (IDOR) allows unauthorized access to user profiles by altering the URL parameter user ID. Root cause: insufficient authentication/authorization checks on profile endpoints, enabling access t...

CodeAstro Bus Ticket Booking System 安全漏洞

CodeAstro Bus Ticket Booking System is a bus ticket booking system from CodeAstro. A security vulnerability exists in CodeAstro Bus Ticket Booking System version 1.0, which stems from an insecure direct object reference that could lead to unauthorized access to user data...

CodeAstro Internet Banking System 安全漏洞

CodeAstro Internet Banking System is a PHP online banking system from CodeAstro. A security vulnerability exists in CodeAstro Internet Banking System version 2.0.0, which originates from improper handling of the parameter name in /admin/pagesaccount.php, which could lead to a cross-site scripting...

CodeAstro Internet Banking System 安全漏洞

CodeAstro Internet Banking System is a PHP online banking system from CodeAstro. A security vulnerability exists in CodeAstro Internet Banking System version 2.0.0, which stems from improper file upload validation and could lead to remote code execution...

📄 CodeAstro Online Railway Reservation System 1.0 Cross Site Scripting

CodeAstro Online Railway Reservation System version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: XSS Vulnerability in Online Railway Reservation System 1.0 Date: 2024-08-15 Exploit Author: Raj Nandi Vendor Homepage: https://codeastro.com/ Software Link:...

CodeAstro Internet Banking System 安全漏洞

CodeAstro Internet Banking System is a PHP online banking system from CodeAstro. A security vulnerability exists in CodeAstro Internet Banking System version 2.0.0, which is caused by stored cross-site scripting in the name parameter...

CVE-2025-3205

A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...