Ashraf-Kabir Travel Agency SQL Injection Vulnerability in Admin Area

Vulnerability

A SQL injection vulnerability has been identified in the Ashraf-Kabir Travel Agency application, in versions up to commit 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. The issue is in the admin_area/index.php file: manipulating the edit_pack parameter leads to SQL injection, and the attack can be launched remotely. The vulnerability has been publicly disclosed and is actively exploitable.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the admin_area/index.php file with the edit_pack parameter. The application will process the request without properly sanitizing the input, allowing for the injection of malicious SQL payloads.
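
The corrective pattern for an unsanitized parameter like this is allow-list validation plus a bound query parameter. The following is an added example, not code from the project: it assumes edit_pack carries a numeric package id, and the function name find_package, the packages table and its columns, and the in-memory SQLite database are all hypothetical stand-ins.

```php
<?php
// Added example: hypothetical handler, not the project's own code.
// Assumptions: edit_pack is a numeric package id; the "packages" table and
// its columns are invented; in-memory SQLite stands in for the real database.
declare(strict_types=1);

function find_package(PDO $db, mixed $raw): ?array
{
    // Allow-list validation: accept only a positive integer id.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject instead of passing the raw value into SQL
    }

    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, title, price FROM packages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE packages (id INTEGER PRIMARY KEY, title TEXT, price INTEGER)');
$db->exec("INSERT INTO packages (id, title, price) VALUES (1, 'Sample tour', 500)");

// Constructed inputs: a valid id, an unknown id, and a non-numeric value.
foreach (['1', '99', '1 OR 1=1'] as $input) {
    $row = find_package($db, $input);
    printf("%-10s => %s\n", $input, $row ? $row['title'] : 'rejected / not found');
}
```

Only the first input returns a row; the unknown id matches nothing and the non-numeric value is rejected before any query is built.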

Added: Nov 23, 2025, 10:17 AM
Updated: Nov 23, 2025, 10:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 1.1
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.