SQL Injection Vulnerability in itsourcecode Sales and Inventory System
CVE-2025-4886
Key Information:
- Vendor: Itsourcecode
- CVE Published: 18 May 2025
What is CVE-2025-4886?
A vulnerability has been identified in the itsourcecode Sales and Inventory System version 1.0. It stems from improper handling of user-supplied input in the /pages/product_update.php file, specifically the 'serial' parameter, which is passed into a database query without adequate validation or parameterization. By manipulating this parameter an attacker can perform SQL injection, potentially gaining unauthorized access to the underlying database. The attack can be carried out remotely, which raises its severity. Users should apply the necessary patches and review other parameters handled by the same file, since they may be affected in the same way.
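As an added illustration, not code from the itsourcecode project (the page does not show the affected source), the following PHP contrasts the unsafe pattern the advisory describes with a hardened handler for the same 'serial' parameter; the table and column names, the product_name field and the $pdo connection are assumptions.

```php
<?php
// Added example for CVE-2025-4886: illustrative only, not the project's code.
// Only the file /pages/product_update.php and the 'serial' parameter come from
// the advisory; 'products', 'product_name' and $pdo are assumed for the demo.

// Unsafe pattern: request values are concatenated into the SQL string, so a
// crafted 'serial' value is interpreted as part of the query itself.
function update_product_unsafe(PDO $pdo, array $request): bool
{
    $serial = $request['serial'];
    $name   = $request['product_name'];
    $sql = "UPDATE products SET product_name = '$name' WHERE serial = '$serial'";
    return $pdo->exec($sql) !== false;
}

// Hardened version: validate the shape of the input first, then bind it as a
// parameter so the database engine never treats it as SQL.
function update_product_safe(PDO $pdo, array $request): bool
{
    $serial = (string) ($request['serial'] ?? '');
    $name   = (string) ($request['product_name'] ?? '');

    // Allowlist (assumed format): 1-32 alphanumeric characters or hyphens.
    // Anything else is rejected and logged for the defenders to review.
    if (!preg_match('/^[A-Za-z0-9-]{1,32}$/', $serial)) {
        $src = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
        error_log("product_update: rejected malformed serial from $src");
        http_response_code(400);
        return false;
    }
    if ($name === '' || mb_strlen($name) > 100) {
        http_response_code(400);
        return false;
    }

    // Native prepared statement: the connection should be created with
    // PDO::ATTR_EMULATE_PREPARES => false so binding happens server-side.
    $stmt = $pdo->prepare(
        'UPDATE products SET product_name = :name WHERE serial = :serial'
    );
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':serial', $serial, PDO::PARAM_STR);
    return $stmt->execute();
}
```

The same validate-then-bind pattern applies to every other request parameter the file reads, which is the review the advisory recommends.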
Affected Version(s)
Sales and Inventory System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability reserved