ByteOS Network

Infoticketing

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2025-41002

Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)

View Details

Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)

CVSS Score-9.3||CRITICAL

EPSS-Not Assigned

Published-23 Feb, 2026 | 09:30

Updated-23 Feb, 2026 | 18:13

SQL injection in Infoticketing

SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'.

Vendor-MANANTIAL DE IDEAS, S.L.

Product-Infoticketing

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')