Infoticketing: Unauthenticated Users Can Access Database

CVE-2025-41002
Summary

Infoticketing's database is at risk because an attacker can send a specific request to the system (a POST request that injects SQL through the 'code' parameter) and view, change, or even delete data without authenticating. This could lead to sensitive information being compromised or data being altered. Update the affected code to prevent unauthorized access to the database.

Original title
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code'...
Original description
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'.
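
One way a discount lookup can handle the 'code' parameter so that it cannot alter the query, as an added example that is not Infoticketing's code. The table, column and function names and the assumed code format are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the advisory does not show Infoticketing's tables or code.
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE discounts (code TEXT PRIMARY KEY, percent INTEGER NOT NULL)');
    // Constructed sample rows.
    $pdo->exec("INSERT INTO discounts (code, percent) VALUES ('SPRING10', 10), ('STAFF50', 50)");
    return $pdo;
}

// Returns the discount percentage, or null when the code is malformed or unknown.
function lookupDiscount(PDO $pdo, mixed $code): ?int
{
    // 1. Allowlist check: accept only a short token (assumed format for discount codes).
    //    This also rejects arrays, which PHP builds from inputs such as code[]=x.
    if (!is_string($code) || preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $code) !== 1) {
        return null;
    }

    // 2. Bound parameter: the value travels separately from the SQL text,
    //    so quotes or keywords in it are compared as data, never parsed as SQL.
    $stmt = $pdo->prepare('SELECT percent FROM discounts WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $percent = $stmt->fetchColumn();

    return $percent === false ? null : (int) $percent;
}

// Constructed inputs: a valid code, an unknown code, a value carrying SQL
// metacharacters, and a non-string value. In a request handler the argument
// would be $_POST['code'] ?? null.
$pdo = openDemoDb();
foreach (['SPRING10', 'NOPE', "x' OR '1'='1", ['SPRING10']] as $input) {
    var_dump(lookupDiscount($pdo, $input));
}
```

Only the first input matches a row; the other three return null, either at the format check or because no row has that exact code.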
NVD CVSS 4.0 score: 9.3
Vulnerability type
CWE-89 SQL Injection
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026