PT-2025-35459 · Itsourcecode · Sports Club Management System
Zzb1
·
Published
2025-09-01
·
Updated
2025-09-08
·
CVE-2025-9765
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
itsourcecode Sports Management System version 1.0
Description
A vulnerability exists in itsourcecode Sports Management System 1.0. The issue involves a SQL injection affecting an unknown function within the
/Admin/tournament details.php file. Manipulation of the ID argument can trigger the injection. The attack can be launched remotely, and the exploit has been publicly disclosed.Recommendations
As a temporary workaround, consider restricting access to the
/Admin/tournament details.php file to minimize the risk of exploitation.
Avoid using the ID parameter in the affected file until the issue is resolved.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sports Club Management System