Cyber Resilience

CVE-2025-45010

MediumPublic PoC

Published: 30 April 2025

Published
30 April 2025
Modified
09 May 2025
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0027 51.0th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-45010 is a medium-severity Command Injection (CWE-77) vulnerability in Phpgurukul Park Ticketing Management System. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

HTML injection vulnerability in the PHPGurukul Park Ticketing Management System web application allows remote attackers to execute arbitrary code (likely JavaScript via XSS) through POST parameters, enabling exploitation of a public-facing application.

Affected Assets

phpgurukul
park ticketing management system
2.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References