3 matches found
CVE-2025-25775
Codeastro Bus Ticket Booking System v1.0 is affected by a SQL injection in the /BusTicket-CI/tiket/cekorder endpoint via the kodetiket parameter. Root cause: unsafe handling of the parameter leading to SQL injection. Impact: per CVSS metrics, high for confidentiality, integrity, and availability ...
CVE-2025-25777
CVE-2025-25777 affects Codeastro Bus Ticket Booking System v1.0, where an insecure direct object reference (IDOR) allows unauthorized access to user profiles by altering the user ID parameter in the URL. Root cause: insufficient authentication/authorization checks on profile endpoints, enabling access t...
CVE-2025-25776
Codeastro Bus Ticket Booking System v1.0 is affected by CVE-2025-25776: a Cross-Site Scripting (XSS) flaw in the User Registration and User Profile features caused by insufficient input validation on the Full Name and Address fields. Exploitation could allow arbitrary code execution in these fiel...