SQL Injection Vulnerability in itsourcecode Tailoring Management System
CVE-2025-0949

5.3MEDIUM

Key Information:

Vendor
Itsourcecode
Status
Tailoring Management System
Vendor
CVE Published:
1 February 2025

Badges

👾 Exploit Exists

Summary

The vulnerability in the itsourcecode Tailoring Management System version 1.0 is triggered through an unsanitized input in the partview.php file, leading to SQL injection. Attackers can exploit this weakness remotely, allowing them to manipulate database queries which can compromise user data, integrity, and overall system security. This issue has been publicly disclosed, raising the risk of potential attacks. Immediate action is recommended for users of the affected system.

Affected Version(s)

Tailoring Management System 1.0

References

https://vuldb.com/?id.294304
vdb-entrytechnical-description
https://vuldb.com/?ctiid.294304
signaturepermissions-required
https://github.com/magic2353112890/cve/issues/7
exploitissue-tracking

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.