- Description
- A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument serial leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 6.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
🔴 itsourcecode Sales and Inventory System 10, SQL Injection, #CVE-2025-4885 (Critical) https://t.co/SUIjs935Km
@dailycve
28 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4885 SQL Injection Vulnerability in itsourcecode Sales and Inventory System 1.0 https://t.co/YwjdtiBauL
@VulmonFeeds
18 May 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:campcodes:sales_and_inventory_system:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0012671-CC91-49D0-A3C8-152ADAB98F4B"
}
],
"operator": "OR"
}
]
}
]