CVE-2025-57642

Published Sep 10, 2025

Last updated 5 months ago

CVSS high 7.2

Overview

Description
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality.
Source
cve@mitre.org
NVD status
Analyzed
Products
tourism_management_system

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-434

Social media

Hype score
Not currently trending

  1. CVE-2025-57642 Shell Upload Vulnerability in Tourism Management System 2.0 Enables Remote Code Execution https://t.co/ba4PoTCWWI

    @VulmonFeeds

    11 Sept 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-57642 A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote co… https://t.co/Ezv4SJ43cI

    @CVEnew

    10 Sept 2025

    555 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.CVE-2025-13247
  2. A vulnerability was found in code-projects Tourism Management System 1.0 and classified as critical. This issue affects the function LoginUser of the component Login User. The manipulation of the argument username/password leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.CVE-2025-4890
  3. A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.CVE-2025-4889
  4. A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.CVE-2025-0538
  5. A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter.CVE-2024-41333

References

Sources include official advisories and independent security research.