CVE-2025-9153

6.3 MEDIUM

📋 TL;DR

An attacker with access to the admin interface of itsourcecode Online Tour and Travel Management System 1.0 can upload a file of any type through the photo parameter of /admin/operations/travellers.php. The upload is not restricted to image files, so a PHP file written under the web root is executed by the server on the next request to it, giving the attacker code execution as the web server user. The attack is remote but requires an admin session (or stolen admin credentials); all deployments of version 1.0 are affected.

💻 Affected Systems

Products:
  • itsourcecode Online Tour and Travel Management System
Versions: 1.0
Operating Systems: Any OS running a PHP-capable web server
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the /admin/operations/travellers.php endpoint to be accessible.

📦 What is this software?

A PHP web application from itsourcecode for managing tours, bookings and traveller records. It ships an administrative interface under /admin/; the traveller-management page in that interface (travellers.php) accepts a photo upload, which is where this issue lies.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Webshell deployment allowing persistent access, data exfiltration, and further exploitation of the server.

🟢

If Mitigated

With uploads limited to an allowlist of image types, file content verified server-side, and the upload directory non-executable, the remaining impact is limited to storage consumption or denial of service from oversized or repeated uploads.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available on GitHub. The attack requires an authenticated session on the admin interface, so real exposure depends on how admin credentials are protected and on whether /admin/ is reachable from the Internet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Remove or replace the vulnerable software, or apply the workarounds below until a fixed version exists.

🔧 Temporary Workarounds

Restrict file upload extensions

Applies to: all platforms

Modify travellers.php so that the photo upload accepts only an allowlist of image extensions (jpg, jpeg, png, gif), verifies that the file content really is an image instead of trusting the client-supplied name or MIME type, stores the file under a server-generated name, and writes it to a directory that the web server will not execute (or that lies outside the web root).

Disable admin interface access

Applies to: all platforms

Restrict access to /admin/operations/travellers.php (or to the whole /admin/ tree) in the web server configuration or with firewall rules. Note that "deny all" also locks legitimate administrators out of traveller management; if that is not acceptable, replace it with an allowlist of admin source addresses (Apache: Require ip with the admin network; Nginx: allow lines for the admin network ahead of deny all). The Nginx block must be an exact match (=): with a plain prefix match, a generic "location ~ \.php$" block takes precedence and the deny is never applied.

# Apache (httpd.conf or the site's VirtualHost):
<Location "/admin/operations/travellers.php">
    Require all denied
</Location>

# Nginx (inside the server block; exact match so the PHP handler location cannot override it):
location = /admin/operations/travellers.php {
    deny all;
}

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious file uploads
  • Monitor file upload directory for suspicious files and implement file integrity monitoring
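The following is an added example, not code from itsourcecode or from this advisory, serving both the "Restrict file upload extensions" workaround above and the upload-directory monitoring bullet: a validation routine that replaces trusting the client-supplied file name, a hardened store function in the shape travellers.php would need, and a CLI scan that applies the same checks to files already sitting in an upload directory. The allowlist, the size limit, the assumed weak move_uploaded_file pattern quoted in the comment, and the /var/www/html/uploads path are all assumptions.

```php
<?php
// Added example (not the project's code): hardening for a photo upload such as the
// one behind the `photo` parameter of travellers.php, plus a scan of an existing
// upload directory for files that fail the same checks. Paths and limits are assumptions.
declare(strict_types=1);

const ALLOWED_EXT  = ['jpg', 'jpeg', 'png', 'gif'];
const ALLOWED_MIME = ['image/jpeg', 'image/png', 'image/gif'];
const MAX_BYTES    = 2 * 1024 * 1024;

/**
 * Decide whether $path holds an image we are willing to keep.
 * $claimedName is the name the client (or the filesystem) gave it.
 * Returns null when acceptable, otherwise a short reason string.
 */
function photo_problem(string $path, string $claimedName): ?string
{
    $ext = strtolower(pathinfo($claimedName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return "extension '$ext' not in allowlist";
    }
    // Names like shell.php.jpg are rejected outright: some Apache setups
    // (AddHandler) execute them regardless of the final extension.
    if (substr_count(basename($claimedName), '.') > 1) {
        return 'multiple extensions';
    }
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return 'empty or too large';
    }
    // Content check 1: MIME type sniffed from magic bytes on the server,
    // never the client-supplied $_FILES['photo']['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path) ?: 'unknown';
    if (!in_array($mime, ALLOWED_MIME, true)) {
        return "content is $mime, not an allowed image type";
    }
    // Content check 2: the image decoder must agree, and the decoded type
    // must match the extension we are about to store.
    $info = @getimagesize($path);
    if ($info === false) {
        return 'not decodable as an image';
    }
    $expected = ['jpg' => IMAGETYPE_JPEG, 'jpeg' => IMAGETYPE_JPEG,
                 'png' => IMAGETYPE_PNG, 'gif' => IMAGETYPE_GIF][$ext];
    if ($info[2] !== $expected) {
        return 'extension does not match decoded image type';
    }
    return null;
}

/**
 * Hardened replacement for an (assumed) pattern such as
 *   move_uploaded_file($_FILES['photo']['tmp_name'], 'uploads/' . $_FILES['photo']['name']);
 * which keeps the client-chosen name and therefore a .php extension.
 * Returns the stored file name, or null when the upload is rejected.
 */
function store_photo(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if (photo_problem($file['tmp_name'], $file['name']) !== null) {
        return null;
    }
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $name = bin2hex(random_bytes(16)) . '.' . $ext;   // server-generated name, no user input
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);                               // never executable
    return $name;
}

/** Walk an existing upload directory and report every file the checks above would reject. */
function scan_uploads(string $uploadDir): array
{
    $bad = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($uploadDir, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $f) {
        $why = photo_problem($f->getPathname(), $f->getFilename());
        if ($why !== null) {
            $bad[$f->getPathname()] = $why;
        }
    }
    return $bad;
}

// CLI usage on the server (directory is an assumption): php scan.php /var/www/html/uploads
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    foreach (scan_uploads($argv[1]) as $path => $why) {
        echo "$path: $why\n";
    }
}
```

Run the scan as the web server user and review every hit by hand; legacy files with dots in their names will be flagged too. Pair the code change with making the upload directory non-executable (Apache: php_admin_flag engine off in a Directory block for it; Nginx: do not route that location to PHP-FPM), because a non-executable directory is what turns a missed check into a stored picture instead of a shell.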

🔍 How to Verify

Check if Vulnerable:

In a test copy of the deployment, log in to the admin interface and submit, through the photo parameter of /admin/operations/travellers.php, a harmless file whose name ends in .php (a plain-text file is enough). If the file is stored in the upload directory with the .php extension intact and that directory is reachable through the web server, the server will execute such a file and the system is vulnerable; no probe code needs to be run to confirm this. Delete the test file afterwards, and avoid running this test against production, since it writes an attacker-controlled file onto the server.

Check Version:

Check software documentation or admin panel for version information.

Verify Fix Applied:

Attempt the same upload test; successful uploads should be rejected with proper validation errors.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /admin/operations/travellers.php
  • Uploads of non-image file types
  • Large or suspicious files in upload directories

Network Indicators:

  • POST requests to /admin/operations/travellers.php with file uploads
  • Unusual outbound connections from the web server

SIEM Query:

source="web_server" AND uri="/admin/operations/travellers.php" AND method="POST"

Most web access logs carry no file_upload field; if the request Content-Type header is logged, add a clause for multipart/form-data, otherwise alert on every POST to this path (it should be rare and come only from admin sessions) and correlate it with new files appearing in the upload directory and with requests for .php files under that directory.
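As an added example (not from this page or the project) of the log indicators listed above, the script below parses combined-format access-log lines and raises a critical alert when a client that POSTed to /admin/operations/travellers.php later requests an executable file under the upload directory, which is what a deployed webshell looks like in the logs. The upload directory URI (/uploads/), the addresses, file names and timestamps in the sample lines are constructed for illustration.

```php
<?php
// Added example (not from the page or the project): correlates POSTs to the traveller
// photo endpoint with later requests for executable files in the upload directory.
// UPLOAD_DIR_URI and the sample lines are constructed assumptions.
declare(strict_types=1);

const UPLOAD_ENDPOINT = '/admin/operations/travellers.php';
const UPLOAD_DIR_URI  = '/uploads/';
const EXEC_EXT        = '/\.(php|phtml|phar|php[3-7])($|\?)/i';

/** Parse one Apache/nginx combined-format line into ip, method, path, status. */
function parse_line(string $line): ?array
{
    if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})/', $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'method' => $m[2], 'path' => $m[3], 'status' => (int) $m[4]];
}

/** Return alerts in log order. Lines are processed sequentially, as when tailing a log. */
function detect(array $lines): array
{
    $uploaders = [];   // ip => number of POSTs to the upload endpoint seen so far
    $alerts    = [];
    foreach ($lines as $line) {
        $r = parse_line($line);
        if ($r === null) {
            continue;
        }
        // Indicator 1: a POST to the photo upload endpoint (normal admin activity, logged as info).
        if ($r['method'] === 'POST' && strtok($r['path'], '?') === UPLOAD_ENDPOINT) {
            $uploaders[$r['ip']] = ($uploaders[$r['ip']] ?? 0) + 1;
            $alerts[] = ['level' => 'info', 'ip' => $r['ip'],
                         'why' => 'POST to photo upload endpoint', 'path' => $r['path']];
        }
        // Indicator 2: something executable requested from a directory that should hold only images.
        if (strpos($r['path'], UPLOAD_DIR_URI) === 0 && preg_match(EXEC_EXT, $r['path'])) {
            $seenUpload = isset($uploaders[$r['ip']]);
            $alerts[] = ['level' => $seenUpload ? 'critical' : 'high', 'ip' => $r['ip'],
                         'why' => 'executable requested in upload dir'
                                  . ($seenUpload ? ' after upload from the same client' : ''),
                         'path' => $r['path'], 'status' => $r['status']];
        }
    }
    return $alerts;
}

// Constructed sample lines, not real traffic.
$sample = [
    '203.0.113.5 - - [10/Aug/2025:14:02:11 +0000] "GET /admin/operations/travellers.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Aug/2025:14:02:40 +0000] "POST /admin/operations/travellers.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Aug/2025:14:02:45 +0000] "GET /uploads/shell.php?cmd=id HTTP/1.1" 200 87 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Aug/2025:14:05:01 +0000] "GET /uploads/photo_12.jpg HTTP/1.1" 200 34231 "-" "Mozilla/5.0"',
];

if (PHP_SAPI === 'cli') {
    foreach (detect($sample) as $a) {
        printf("[%s] %s %s %s\n", strtoupper($a['level']), $a['ip'], $a['why'], $a['path']);
    }
}
```

The correlation is the high-signal part: one POST to the endpoint is routine admin use, while a .php file requested from a directory that should contain only pictures is not, and the two from the same client within a short window is the exploit chain this advisory describes.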
