本页列出影响 codeastro bus_ticket_booking_system 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-25776 | Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing. | [email protected] | 5.0 | 0.22% | 2025-04-28 | 2026-06-17 |
| CVE-2025-25775 | Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder. | [email protected] | 9.8 | 0.45% | 2025-04-25 | 2026-06-17 |
| CVE-2025-25777 | Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks. | [email protected] | 8.0 | 0.23% | 2025-04-24 | 2026-06-17 |