CVE-2025-4885

Name of the Vulnerable Software and Affected Versions iSourcecode Sales and Inventory System version 1.0

Description A critical vulnerability has been found in the iSourcecode Sales and Inventory System. The issue affects an unknown function of the file /pages/product add.php. The manipulation of the serial argument leads to SQL injection. It is possible to launch the attack remotely. Other parameters might also be affected.

Recommendations As a temporary workaround, consider restricting access to the /pages/product add.php file until a patch is available. Avoid using the serial argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.