PT-2025-21854 · Unknown · Itsourcecode Sales/Inventory System

0X0A1Lphi · Published 2025-05-18 · Updated 2025-05-18 · CVE-2025-4886

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

iSourcecode Sales and Inventory System version 1.0

Description

A critical vulnerability was found in the iSourcecode Sales and Inventory System. It affects unknown functionality in the file /pages/product update.php. Manipulating the serial argument leads to SQL injection. The attack can be launched remotely. Other parameters might be affected as well.

Recommendations

For iSourcecode Sales and Inventory System version 1.0, consider disabling access to the /pages/product update.php file until a patch is available. As a temporary workaround, restrict the use of the serial argument in the product update.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-4886

Affected Products

Itsourcecode Sales/Inventory System