CVE-2025-9598

Name of the Vulnerable Software and Affected Versions itsourcecode Apartment Management System version 1.0

Description A security flaw exists in itsourcecode Apartment Management System 1.0. The issue involves SQL injection in the /setting/year setup.php file through manipulation of the txtXYear argument. This can be initiated remotely. The exploit has been released publicly.

Recommendations As a temporary workaround, consider restricting access to the /setting/year setup.php file to minimize the risk of exploitation. Avoid using the txtXYear argument in the affected file until the issue is resolved.