CVE-2025-57642

HIGH

Tourism Management System 2.0 - Unrestricted Shell Upload and Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-57642. PoCs published by Debug Security.

AI-analyzed exploit summary: The provided text describes a shell upload vulnerability in Tourism Management System 2.0, but it lacks actual exploit code. It outlines steps to reproduce an open redirect vulnerability, not a shell upload.

Description

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality.

Exploits (1)

exploitdb WRITEUP
by Debug Security · text · webapps · multiple
https://www.exploit-db.com/exploits/52433

Classification: Writeup 80%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Tourism Management System v2.0
Auth required
Prerequisites: Access to a valid user account · Target server with vulnerable software
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.2
EPSS 0.0446
EPSS Percentile 89.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-434
Status published
Products (1)
sohamjuhin/tourism_management_system 2.0
Published Sep 10, 2025
Tracked Since Feb 18, 2026