PT-2025-35156 · Itsourcecode · Apartment Management System

Zzb2 · Published 2025-08-29 · Updated 2025-09-03 · CVE-2025-9597

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

itsourcecode Apartment Management System version 1.0

Description

A SQL injection issue exists in itsourcecode Apartment Management System 1.0. The issue is located in the file /o dashboard/rented all info.php. Manipulation of the uid argument can lead to SQL injection. The attack can be launched remotely. The exploit is publicly available.

Recommendations

As a temporary workaround, consider restricting access to the file /o dashboard/rented all info.php until a fix is available. Avoid using the parameter uid in the affected file until the issue is resolved.

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-9597

Affected Products

Apartment Management System