Codeastro Bus Ticket Booking System — known CVE vulnerabilities
Every CVE whose affected-product data names Codeastro Bus Ticket Booking System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2025-25775 — CVSS 9.8 (critical): Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.
CVE-2025-25777 — CVSS 8.0 (high): Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By…
CVE-2025-25776 — CVSS 5.0 (medium): Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System…