CVE-2025-13237

Name of the Vulnerable Software and Affected Versions itsourcecode Inventory Management System version 1.0

Description A security flaw exists in itsourcecode Inventory Management System 1.0. The issue involves a SQL injection that can be triggered by manipulating the U USERNAME argument within an unknown function of the /LogSignModal.PHP file. This allows for remote exploitation. The exploit has been publicly released.

Recommendations Apply any available updates to address the SQL injection issue in the /LogSignModal.PHP file. As a temporary workaround, restrict or sanitize the U USERNAME argument to prevent SQL injection attacks. Consider disabling or restricting access to the affected file /LogSignModal.PHP until a patch is available.