CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-9311 – itsourcecode Apartment Management System addfair.php sql injection
https://notcve.org/view.php?id=CVE-2025-9311
21 Aug 2025 — A vulnerability was identified in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fair/addfair.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. • https://vuldb.com/?id.320916 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-9156 – itsourcecode Sports Management System sports.php sql injection
https://notcve.org/view.php?id=CVE-2025-9156
19 Aug 2025 — A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. • https://vuldb.com/?id.320536 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-9155 – itsourcecode Online Tour and Travel Management System forget_password.php sql injection
https://notcve.org/view.php?id=CVE-2025-9155
19 Aug 2025 — A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forget_password.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.320535 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-9154 – itsourcecode Online Tour and Travel Management System page-login.php sql injection
https://notcve.org/view.php?id=CVE-2025-9154
19 Aug 2025 — A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. • https://vuldb.com/?id.320534 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-9153 – itsourcecode Online Tour and Travel Management System travellers.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-9153
19 Aug 2025 — A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. • https://vuldb.com/?id.320533 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-9010 – itsourcecode Online Tour and Travel Management System booking_report.php sql injection
https://notcve.org/view.php?id=CVE-2025-9010
15 Aug 2025 — A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_report.php. The manipulation of the argument from_date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.320041 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-9009 – itsourcecode Online Tour and Travel Management System email_setup.php sql injection
https://notcve.org/view.php?id=CVE-2025-9009
15 Aug 2025 — A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.320040 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-9008 – itsourcecode Online Tour and Travel Management System sms_setting.php sql injection
https://notcve.org/view.php?id=CVE-2025-9008
15 Aug 2025 — A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/sms_setting.php. The manipulation of the argument uname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.320039 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8993 – itsourcecode Online Tour and Travel Management System expense_report.php sql injection
https://notcve.org/view.php?id=CVE-2025-8993
15 Aug 2025 — A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.319989 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8984 – itsourcecode Online Tour and Travel Management System expense_category.php sql injection
https://notcve.org/view.php?id=CVE-2025-8984
14 Aug 2025 — A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expense_category.php. The manipulation of the argument expense_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.319980 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •