7.2

CVE-2025-57642

Exploit

EPSS 2.24%
Veröffentlicht 10.09.2025 00:00:00
Zuletzt bearbeitet 17.10.2025 19:28:54
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sohamjuhin ≫ Tourism Management System Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.24%	0.842

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/sohamjuhin/Tourism-Management-System/issues/2

Exploit

Issue Tracking

https://github.com/debug-security/CVE/tree/main/CVE-2025-57642

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-57642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-57642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-57642

EUVD