SQL Injection Vulnerability in itsourcecode Tailoring Management System
CVE-2025-0950
5.3 MEDIUM
Key Information:
- Vendor: Itsourcecode
- Product: Tailoring Management System
- CVE Published: 1 February 2025
Badges
👾 Exploit Exists
Summary
A vulnerability identified in the itsourcecode Tailoring Management System 1.0 allows for SQL injection via improper processing of the 'staffid' argument in the staffview.php file. This flaw can be exploited remotely, facilitating unauthorized access to the database and potentially exposing sensitive data. The exploit has been publicly disclosed, increasing the urgency for immediate remediation.
Affected Version(s)
Tailoring Management System 1.0
CVSS V4
- Score: 5.3
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: None
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved