SQL Injection Vulnerability in itsourcecode Tailoring Management System by itsourcecode
CVE-2025-0944

5.3 MEDIUM

Key Information:

Vendor
CVE Published: 1 February 2025

Badges

💰 Ransomware | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-0944?

A security flaw has been identified in the itsourcecode Tailoring Management System version 1.0, specifically impacting the handling of the 'id' parameter within the customerview.php file. This vulnerability allows for SQL injection attacks, enabling an attacker to execute arbitrary SQL code on the database. The manipulation of the input could allow attackers to gain unauthorized access to sensitive data or potentially compromise the entire system. This issue is publicly disclosed, making it critical for affected users to take immediate action to mitigate any risks.

Affected Version(s)

Tailoring Management System 1.0

News Articles

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

Chinese threat actor UAT-6382 exploited CVE-2025-0944 in Trimble Cityworks to drop malware on U.S. systems.

2 weeks ago

References

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 💰 Used in Ransomware

  • 📰 First article discovered by The Hacker News

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
