CVE-2025-45010
Published: 30 April 2025
Summary
CVE-2025-45010 is a medium-severity Command Injection (CWE-77) vulnerability in Phpgurukul Park Ticketing Management System. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-12722
Vulnerability details
A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
HTML injection vulnerability in the PHPGurukul Park Ticketing Management System web application allows remote attackers to execute arbitrary code (likely JavaScript via XSS) through POST parameters, enabling exploitation of a public-facing application.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.