SQL Injection Vulnerability in itsourcecode Online Tour and Travel Management System
CVE-2025-9425
Key Information:
- Vendor
Itsourcecode
- Vendor
- CVE Published:
- 25 August 2025
Badges
What is CVE-2025-9425?
A security flaw has been identified in the itsourcecode Online Tour and Travel Management System 1.0, specifically in the /enquiry.php file. An attacker can manipulate the 'pid' argument to execute SQL injection, enabling them to perform unauthorized database queries. This exploitation can occur remotely, posing a substantial risk to the application's integrity and user data. Publicly available exploits increase the urgency for users to secure their applications.
Affected Version(s)
Online Tour and Travel Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved