CVE-2025-55444 | THREATINT

Description

A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-20 | Updated 2025-08-21 | Assigner mitre

References

gist.github.com/...adambala/88c6065f1de1597be96e50a573cde56e

github.com/...Online-Artwork-and-Fine-Arts-MCA-Major-Project

github.com/...eports/security/advisories/GHSA-r4mf-mr9h-f27m

github.com/...Reports/blob/main/CVE-2025-55444_Disclosure.md

cve.org (CVE-2025-55444)

nvd.nist.gov (CVE-2025-55444)

Download JSON