CVE-2025-13546 | ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 Search /results.php user_query sql injection

A vulnerability classified as critical was found in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument user_query results in sql injection.

This vulnerability is reported as CVE-2025-13546. The attack can be launched remotely. Moreover, an exploit is present.

This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

CVE-2025-13546 | ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 Search /results.php user_query sql injection

Post correlati

CVE-2023-48643 | Shrubbery tac_plus up to 2.x/3.x/4.0.4.28 Configuration File tac_plus.cfg os command injection

CVE-2024-43495 | Microsoft Windows 11 22H2/11 23H2/Server 2022 23H2 libarchive integer overflow

CVE-2024-25150 | Liferay Portal/DXP Page Title insertion of sensitive information into sent data

CVE-2025-8194 | CPython up to 3.13.x tarfile Module infinite loop (Issue 130577)