CVE-2025-0948: itsourcecode Tailoring Management System incview.php sql injection
First published: Sat Feb 01 2025(Updated: )
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file incview.php. The manipulation of the argument incid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| itsourcecode Tailoring Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0948?
CVE-2025-0948 is classified as a critical vulnerability due to its potential for SQL injection.
How do I fix CVE-2025-0948?
To mitigate CVE-2025-0948, update the Tailoring Management System to the latest version and implement input validation on the 'incid' parameter.
What type of vulnerability is CVE-2025-0948?
CVE-2025-0948 is an SQL injection vulnerability affecting the incview.php file in the Tailoring Management System.
Is CVE-2025-0948 exploitable remotely?
Yes, CVE-2025-0948 can be exploited remotely, allowing attackers to manipulate the 'incid' argument.
What software is affected by CVE-2025-0948?
CVE-2025-0948 affects itsourcecode's Tailoring Management System version 1.0.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/source
- agent/last-modified-date
- agent/description
- agent/type
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/itsourcecode
- canonical/itsourcecode tailoring management system