Itsourcecode · Sports Club Management System · CVE-2025-9156
Name of the Vulnerable Software and Affected Versions:
itsourcecode Sports Management System version 1.0
Description:
A SQL injection issue exists in itsourcecode Sports Management System version 1.0. The issue is located in an unknown function within the `/Admin/sports.php` file. Manipulation of the `code` argument can trigger the injection. Remote exploitation is possible. The exploit has been made public.
Recommendations:
As a temporary workaround, consider restricting access to the `/Admin/sports.php` file until a fix is available.
Sanitize the `code` argument to prevent SQL injection.