PT-2025-34713 · Itsourcecode · Apartment Management System
Zzb1 · Published 2025-08-25 · Updated 2025-08-26 · CVE-2025-9420
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
itsourcecode Apartment Management System version 1.0
Description:
A flaw exists in itsourcecode Apartment Management System 1.0 that allows for SQL injection. The issue is located in the /floor/addfloor.php file, where manipulation of the hdnid argument can trigger the injection. The attack can be launched remotely. The exploit has been published.
Recommendations:
As a temporary workaround, consider restricting access to the /floor/addfloor.php file until a fix is available.
Sanitize the hdnid argument to prevent SQL injection.
Exploit
Fix
Special Elements Injection
SQL injection
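One way to apply the hdnid recommendation above, shown as an added example rather than code from the application or this advisory: accept the value only as a positive integer and pass it to the database as a bound parameter. The table, column and form-field names are hypothetical, since the page does not show the affected query, and PHP 8 with mysqli is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical names: table `floor_example`, columns `id` and `floor_no`.
// Only the `hdnid` parameter name comes from the advisory.

/**
 * Accept hdnid only if it is a plain positive integer; otherwise return null.
 */
function parse_hdnid(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays (hdnid[]=...) and other types are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Update a floor record with bound parameters, so the request value is
 * sent as data and never concatenated into the SQL text.
 */
function update_floor(mysqli $db, mixed $rawId, string $floorNo): bool
{
    // Make mysqli throw on errors instead of returning false silently.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $id = parse_hdnid($rawId);
    if ($id === null) {
        return false; // reject the request instead of trying to "clean" the value
    }
    $stmt = $db->prepare('UPDATE floor_example SET floor_no = ? WHERE id = ?');
    $stmt->bind_param('si', $floorNo, $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample inputs showing which hdnid values pass validation.
foreach (['7', 42, '0', '-3', '7abc', '', ['7']] as $sample) {
    echo json_encode($sample), ' => ', var_export(parse_hdnid($sample), true), PHP_EOL;
}
```

In the request handler, `update_floor($db, $_POST['hdnid'] ?? null, ...)` would replace any query built by string concatenation; validation alone is not a substitute for the bound parameter.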
Related Identifiers
Affected Products
Apartment Management System