A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-9053 is a SQL Injection vulnerability identified in version 1.0 of the projectworlds Travel Management System, specifically within the /updatesubcategory.php file. The vulnerability arises from improper sanitization or validation of the input parameters 't1' and 's1', which are directly used in SQL queries. This flaw allows an unauthenticated attacker to remotely inject malicious SQL code, potentially manipulating the backend database. The CVSS 4.0 score of 6.9 (medium severity) reflects that the attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and has partial impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vulnerability is exploitable without authentication or user interaction, increasing its risk profile. Although no known exploits are currently observed in the wild, the public disclosure of the exploit code raises the likelihood of exploitation attempts. The absence of patches or mitigation guidance from the vendor at this time further elevates the risk. SQL Injection vulnerabilities can lead to unauthorized data access, data modification, or even complete compromise of the underlying database and application, depending on the database permissions and environment configuration. Given the nature of travel management systems, which typically handle sensitive customer data, booking details, and payment information, exploitation could result in significant data breaches and operational disruptions.

CVE Database V5

Detailed information about CVE-2025-9053: SQL Injection in projectworlds Travel Management System affecting projectworlds Travel Management System. Get real-tim

CVE-2025-9053: SQL Injection in projectworlds Travel Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9053: SQL Injection in projectworlds Travel Management System

A new ransomware strain called 'Blue Locker' is targeting Pakistan's oil and gas sector, particularly affecting Pakistan Petroleum Limited. The National Cyber Emergency Response Team (NCERT) has issued warnings to 39 key ministries and institutions about this severe threat. The ransomware, which shares similarities with the Shinra malware family, encrypts files and demands ransom payments. It uses a combination of AES and RSA encryption algorithms and is distributed through phishing emails and malicious attachments. The attack coincided with Pakistan's Independence Day, suggesting possible nation-state involvement rather than traditional cybercriminal activity. NCERT has recommended strengthening cybersecurity measures, including multi-factor authentication, email filtering, and employee training. The incident highlights vulnerabilities in Pakistan's government IT infrastructure and the need for a more proactive cybersecurity approach.

The 'Blue Locker' ransomware is a newly identified malware strain targeting primarily the oil and gas sector in Pakistan, with a notable impact on Pakistan Petroleum Limited. This ransomware shares technical similarities with the Shinra malware family, known for its file encryption capabilities and ransom demands. Blue Locker employs a hybrid encryption scheme combining AES (Advanced Encryption Standard) for fast symmetric encryption of files and RSA (Rivest–Shamir–Adleman) for secure key exchange, making decryption without the attacker’s private key infeasible. The infection vector is primarily phishing emails containing malicious attachments, a common and effective delivery method that exploits human factors. The timing of the attack, coinciding with Pakistan's Independence Day, suggests potential nation-state involvement rather than typical financially motivated cybercriminals. The National Cyber Emergency Response Team (NCERT) in Pakistan has issued warnings to 39 key ministries and institutions, highlighting the threat's severity and the vulnerabilities present in government IT infrastructure. The ransomware exhibits tactics consistent with advanced persistent threat (APT) behaviors, including persistence mechanisms (T1543, T1548.002), defense evasion (T1562.001), credential access (T1056), and impact techniques such as data encryption for impact (T1486) and system shutdown (T1489). Indicators of compromise include multiple file hashes associated with the malware binaries. Although no known exploits are reported in the wild, the threat is active and evolving. The attack underscores the critical need for proactive cybersecurity measures in critical infrastructure sectors, especially those with geopolitical significance.

AlienVault OTX General

Detailed information about 'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan. Get real-time updates, technical details, and mitigation s

'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan - Live Threat Intelligence - Threat Radar | OffSeq.com

'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan

This report provides an in-depth analysis of VexTrio's traffic distribution system (TDS) infrastructure. It reveals their use of resilient, fault-tolerant systems spread across multiple hosting providers and data centers. Key components include DevOps tools like Terraform and Kubernetes, tracking software such as Binom, and cloaking capabilities. The analysis exposes VexTrio's reliance on content delivery networks (CDNs) as potential vulnerabilities. Their CDN domains rank among the top 10,000 most popular websites globally, highlighting the massive scale of their operations. The research aims to shed light on the inner workings of malicious adtech networks to spur further investigation into the industry.

The threat campaign titled "The Hidden Infrastructure Behind VexTrio's TDS" details an in-depth analysis of the malicious traffic distribution system (TDS) operated by the adversary group known as VexTrio. This infrastructure is designed to facilitate large-scale, resilient, and fault-tolerant distribution of malicious or unwanted traffic, primarily through an adtech network that leverages affiliate advertising platforms. The system is architected using modern DevOps tools such as Terraform and Kubernetes, enabling rapid deployment, scalability, and resilience across multiple hosting providers and data centers. The use of tracking software like Binom allows the adversary to monitor and analyze traffic flows, while cloaking techniques help evade detection by security tools and researchers. A notable aspect of VexTrio's infrastructure is its reliance on content delivery networks (CDNs), which serve as a force multiplier by providing global reach and high availability. The domains associated with their CDN infrastructure rank among the top 10,000 most popular websites worldwide, indicating a massive scale and significant traffic volume. The campaign includes a list of suspicious domains such as assets-path.com, dt-assets.com, hktrk.com, and holaco.de, among others, which are indicators of compromise or infrastructure components used by VexTrio. Although no direct exploits or vulnerabilities are reported, the campaign highlights the operational sophistication and potential risks posed by such malicious adtech networks. The report aims to increase awareness and encourage further investigation into the abuse of adtech infrastructure for malicious purposes.

Detailed information about The Hidden Infrastructure Behind VexTrio's TDS. Get real-time updates, technical details, and mitigation strategies.

The Hidden Infrastructure Behind VexTrio's TDS - Live Threat Intelligence - Threat Radar | OffSeq.com

The Hidden Infrastructure Behind VexTrio's TDS

A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-9052 is a SQL Injection vulnerability identified in version 1.0 of the projectworlds Travel Management System, specifically within the /updatepackage.php file. The vulnerability arises from improper sanitization or validation of the 's1' parameter, which allows an attacker to inject malicious SQL code remotely without any authentication or user interaction. This flaw enables an attacker to manipulate backend database queries, potentially leading to unauthorized data access, data modification, or deletion. The CVSS 4.0 base score of 6.9 reflects a medium severity, indicating that while the attack vector is network-based and requires no privileges or user interaction, the impact on confidentiality, integrity, and availability is limited to low levels. The vulnerability does not affect system confidentiality, integrity, or availability to a critical extent but still poses a significant risk due to the possibility of data leakage or unauthorized changes. No known exploits are currently reported in the wild, but public disclosure increases the risk of exploitation attempts. The lack of available patches or mitigations from the vendor further heightens the urgency for organizations using this software to implement protective measures.

Detailed information about CVE-2025-9052: SQL Injection in projectworlds Travel Management System affecting projectworlds Travel Management System. Get real-tim

CVE-2025-9052: SQL Injection in projectworlds Travel Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9052: SQL Injection in projectworlds Travel Management System

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin.

This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used.

Even unauthenticated attackers can exploit this vulnerability.


Users are recommended to upgrade to version 24.09.02, which fixes the issue.

Detailed information about CVE-2025-54466: CWE-94 Improper Control of Generation of Code ('Code Injection') in Apache Software Foundation Apache OFBiz affecting

CVE-2025-54466: CWE-94 Improper Control of Generation of Code ('Code Injection') in Apache Software Foundation Apache OFBiz - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54466: CWE-94 Improper Control of Generation of Code ('Code Injection') in Apache Software Foundation Apache OFBiz

CVE-2025-54466: CWE-94 Improper Control of Generation of Code ('Code Injection') in Apache Software Foundation Apache OFBiz

Description

Technical Details

Related Threats

CVE-2025-9053: SQL Injection in projectworlds Travel Management System

CVE-2025-9052: SQL Injection in projectworlds Travel Management System

CVE-2025-9019: Heap-based Buffer Overflow in tcpreplay

CVE-2025-9017: Cross Site Scripting in PHPGurukul Zoo Management System

CVE-2025-9051: SQL Injection in projectworlds Travel Management System

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility