CVE-2025-41002
SQL Injection in Infoticketing Cart Component Enables Database Manipulation
Publication date: 2026-02-23
Last updated on: 2026-02-23
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| infoticketing | infoticketing | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2025-41002 is a critical SQL injection vulnerability in Infoticketing, a system used for managing event tickets.'}, {'type': 'paragraph', 'content': "This vulnerability allows an unauthenticated attacker to perform unauthorized database operationsβincluding retrieving, creating, updating, and deleting dataβby sending a specially crafted POST request using the 'code' parameter to the endpoint '/components/cart/cartApplyDiscount.php'."}, {'type': 'paragraph', 'content': 'It is classified under CWE-89 (SQL Injection) and has a CVSS v4.0 base score of 9.3, indicating a high severity.'}] [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows an unauthenticated attacker to fully manipulate the database of the Infoticketing system.
- Attackers can retrieve sensitive data stored in the database.
- Attackers can create, update, or delete database records, potentially causing data loss or corruption.
- Since no authentication is required, the attack can be performed remotely and without user interaction.
Such unauthorized access and manipulation can disrupt business operations, compromise user data, and damage the integrity and availability of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by monitoring for suspicious POST requests targeting the endpoint '/components/cart/cartApplyDiscount.php' with the 'code' parameter."}, {'type': 'paragraph', 'content': "A practical detection method is to capture and analyze HTTP traffic to identify any unusual or crafted POST requests attempting SQL injection via the 'code' parameter."}, {'type': 'paragraph', 'content': 'For example, using command-line tools like curl or network monitoring tools, you can attempt to send or detect requests similar to the following:'}, {'type': 'list_item', 'content': 'curl -X POST -d "code=\' OR \'1\'=\'1" https://[target]/components/cart/cartApplyDiscount.php'}, {'type': 'list_item', 'content': "Use network monitoring tools (e.g., Wireshark, tcpdump) to filter HTTP POST requests to '/components/cart/cartApplyDiscount.php' and inspect the 'code' parameter for suspicious payloads."}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The immediate step to mitigate this vulnerability is to update the Infoticketing software to the latest version where the vulnerability has been fixed by the development team.'}, {'type': 'paragraph', 'content': "Additionally, you should implement web application firewall (WAF) rules to block suspicious POST requests targeting the vulnerable endpoint with malicious 'code' parameters."}, {'type': 'paragraph', 'content': 'Restricting access to the affected endpoint and monitoring logs for unusual activity can also help reduce risk until the patch is applied.'}] [1]