Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-13345

CVE-2025-13345: Train Station Ticketing System SQLi Flaw

CVE-2025-13345 is a SQL injection vulnerability in Oretnom23 Train Station Ticketing System 1.0 affecting the /ajax.php?action=save_ticket endpoint. This article covers technical details, affected versions, security impact, and mitigation.

Published:

CVE-2025-13345 Overview

CVE-2025-13345 is a SQL injection vulnerability in SourceCodester Train Station Ticketing System 1.0, developed by oretnom23. The flaw resides in the /ajax.php?action=save_ticket endpoint, where unsanitized user input is passed directly into a database query. Remote attackers with low-level privileges can manipulate request parameters to inject arbitrary SQL statements. The exploit has been publicly disclosed and may be reused by opportunistic actors. The vulnerability is classified under [CWE-89] SQL Injection and [CWE-74] Improper Neutralization of Special Elements in Output.

Critical Impact

Authenticated remote attackers can inject SQL queries through the save_ticket action, exposing or modifying ticketing database records.

Affected Products

  • SourceCodester Train Station Ticketing System 1.0
  • Vendor: oretnom23
  • CPE: cpe:2.3:a:oretnom23:train_station_ticketing_system:1.0

Discovery Timeline

  • 2025-11-18 - CVE-2025-13345 published to NVD
  • 2026-04-29 - Last updated in NVD database

Technical Details for CVE-2025-13345

Vulnerability Analysis

The vulnerability exists in the save_ticket handler reachable through /ajax.php?action=save_ticket. The application accepts attacker-controlled parameters and concatenates them into a SQL statement without parameterized queries or input sanitization. An attacker authenticated with a low-privilege account can submit crafted payloads through the AJAX endpoint to alter query logic. Successful exploitation can disclose ticketing records, customer information, or administrative credentials stored in the underlying database.

The attack requires no user interaction and can be launched over the network. Because the exploit is publicly disclosed via VulDB and a GitHub issue tracker, opportunistic scanning and reuse against exposed deployments is likely.

Root Cause

The root cause is improper neutralization of special characters used in SQL commands [CWE-89]. The save_ticket action does not validate or escape user-supplied request parameters before incorporating them into a database query string. The lack of prepared statements or stored procedure binding allows operators such as ', --, UNION, and OR 1=1 to terminate the intended statement and append attacker-controlled SQL.

Attack Vector

An attacker sends an HTTP POST or GET request to /ajax.php?action=save_ticket containing a malicious value in one of the ticket form fields. The injected payload modifies the resulting SQL query executed against the backend database. Because the endpoint requires only low-privilege authentication, any registered user can trigger the flaw. The vulnerability manifests in the ticket persistence routine; see the GitHub CVE Issue Discussion and VulDB #332763 for technical details.

Detection Methods for CVE-2025-13345

Indicators of Compromise

  • HTTP requests to /ajax.php?action=save_ticket containing SQL metacharacters such as ', ", --, ;, or keywords like UNION, SELECT, SLEEP, and OR 1=1.
  • Unexpected database errors or extended response times originating from the save_ticket handler.
  • Web server access logs showing repeated parameter fuzzing against the ajax.php script from a single source IP.

Detection Strategies

  • Deploy web application firewall (WAF) signatures that flag SQL injection patterns in parameters submitted to ajax.php.
  • Enable verbose database query logging and alert on syntax errors generated by the save_ticket workflow.
  • Correlate authenticated user sessions with anomalous request volumes targeting the ticketing endpoint.

Monitoring Recommendations

  • Monitor outbound database traffic for unusual INFORMATION_SCHEMA or mysql.user queries originating from the application service account.
  • Audit application logs for repeated failed ticket submissions tied to the same low-privilege account.
  • Track new or modified administrative records in the ticketing database that lack corresponding application audit trails.

How to Mitigate CVE-2025-13345

Immediate Actions Required

  • Restrict access to the Train Station Ticketing System to trusted internal networks until a fix is applied.
  • Disable or remove low-privilege accounts that are not strictly required for operations.
  • Deploy WAF rules blocking SQL metacharacters in parameters submitted to /ajax.php?action=save_ticket.

Patch Information

No vendor patch is listed in the NVD entry or vendor advisory URLs at the time of publication. Operators should monitor the SourceCodester Security Resource and the GitHub CVE Issue Discussion for remediation updates. Until a vendor patch is released, modify the save_ticket handler to use parameterized queries or prepared statements for every user-controlled input.

Workarounds

  • Refactor the save_ticket server-side code to bind parameters using PDO or mysqli prepared statements instead of string concatenation.
  • Enforce strict input validation and allow-listing for ticket form fields, rejecting non-alphanumeric characters where feasible.
  • Apply database least-privilege principles so the application account cannot read or modify sensitive tables beyond its scope.
bash
# Example WAF rule (ModSecurity) blocking SQLi against save_ticket
SecRule REQUEST_URI "@contains /ajax.php" \
  "chain,id:1013345,phase:2,deny,status:403,msg:'SQLi attempt on save_ticket'"
  SecRule ARGS "@detectSQLi" "t:none"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.