SQL Injection Vulnerability in itsourcecode Sports Management System
CVE-2025-9768

5.3MEDIUM

Key Information:

Vendor

Itsourcecode

Status
Sports Management System
Vendor
CVE Published:
1 September 2025

What is CVE-2025-9768?

A significant SQL injection vulnerability has been discovered in itsourcecode Sports Management System version 1.0. This issue arises from improper handling of user-supplied input in the /Admin/mode.php file, allowing an attacker to manipulate the argument 'code'. This vulnerability can be exploited remotely, potentially compromising the system's database and exposing sensitive information. Organizations using this software should take immediate action to secure their applications and prevent unauthorized access.

Affected Version(s)

Sports Management System 1.0

References

https://vuldb.com/?id.322068
vdb-entrytechnical-description
https://vuldb.com/?ctiid.322068
signaturepermissions-required
https://vuldb.com/?submit.641753
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HUAYER (VulDB User)
.