SQL Injection Vulnerability in itsourcecode Tailoring Management System
CVE-2025-0948

5.3MEDIUM

Key Information:

Vendor
Itsourcecode
Status
Tailoring Management System
Vendor
CVE Published:
1 February 2025

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the itsourcecode Tailoring Management System 1.0 due to improper handling of the 'incid' argument in the incview.php file. This flaw allows attackers to execute arbitrary SQL commands via a crafted request, potentially compromising the integrity of the database. As the exploit can be initiated remotely, it exposes systems to significant risks, and it has been publicly disclosed, making prompt remediation imperative for users.

Affected Version(s)

Tailoring Management System 1.0

References

https://vuldb.com/?id.294303
vdb-entrytechnical-description
https://vuldb.com/?ctiid.294303
signaturepermissions-required
https://github.com/magic2353112890/cve/issues/7
exploitissue-tracking

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.