A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-8967: SQL Injection in itsourcecode Online Tour and Travel Management System affecting itsourcecode Online Tour and Travel M

CVE-2025-8967: SQL Injection in itsourcecode Online Tour and Travel Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8967: SQL Injection in itsourcecode Online Tour and Travel Management System

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8966 is a SQL Injection vulnerability identified in version 1.0 of the itsourcecode Online Tour and Travel Management System. The vulnerability arises from improper sanitization of the 'tname' parameter in the /admin/operations/tax.php file. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access to or modification of the backend database. The vulnerability does not require any authentication or user interaction, making it exploitable by any remote attacker with network access to the affected system. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the network attack vector, low attack complexity, and no privileges or user interaction required. The impact on confidentiality, integrity, and availability is rated as low, indicating that while exploitation can lead to some data exposure or modification, it is not expected to cause full system compromise or denial of service. No known exploits are currently observed in the wild, and no official patches have been published yet. However, public disclosure of the exploit code increases the risk of exploitation by opportunistic attackers. The vulnerability specifically targets the tax management functionality within the administrative interface, which may contain sensitive financial or business data relevant to the tour and travel operations managed by the system.

Detailed information about CVE-2025-8966: SQL Injection in itsourcecode Online Tour and Travel Management System affecting itsourcecode Online Tour and Travel M

CVE-2025-8966: SQL Injection in itsourcecode Online Tour and Travel Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8966: SQL Injection in itsourcecode Online Tour and Travel Management System

A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8965 is a medium-severity vulnerability affecting linlinjava's litemall e-commerce platform versions 1.0 through 1.8.0. The flaw exists in the 'create' function of the AdminStorageController.java file within the litemall-admin-api component. Specifically, the vulnerability arises from improper validation of the 'File' argument, allowing an attacker to perform unrestricted file uploads remotely without authentication or user interaction. This means an attacker can upload arbitrary files, potentially including malicious scripts or executables, to the server hosting the litemall application. The vulnerability has a CVSS 4.0 base score of 5.3, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and low impact on confidentiality, integrity, and availability. Although no known exploits are currently active in the wild, the public disclosure of the exploit code increases the risk of exploitation. Unrestricted file upload vulnerabilities are critical because they can lead to remote code execution, server compromise, data leakage, or defacement if exploited successfully. The vulnerability affects the administrative API endpoint, which may be exposed in some deployments, increasing the attack surface. Given the lack of authentication requirements and the ability to upload files remotely, attackers can leverage this flaw to bypass security controls and gain unauthorized access or persist within the system. The absence of official patches at the time of disclosure necessitates immediate mitigation efforts by organizations using affected versions of litemall.

Detailed information about CVE-2025-8965: Unrestricted Upload in linlinjava litemall affecting linlinjava litemall. Get real-time updates, technical details, an

CVE-2025-8965: Unrestricted Upload in linlinjava litemall - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8965: Unrestricted Upload in linlinjava litemall

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

CVE-2025-36047 is a medium-severity vulnerability affecting IBM WebSphere Application Server Liberty versions 18.0.0.2 through 25.0.0.8. The vulnerability is classified under CWE-770, which pertains to the allocation of resources without limits or throttling. Specifically, this flaw allows a remote attacker to send a specially crafted request to the WebSphere Liberty server, causing it to consume excessive memory resources. This uncontrolled resource consumption can lead to a denial of service (DoS) condition, where legitimate users are unable to access the application server due to resource exhaustion. The vulnerability does not require any authentication or user interaction, and the attack vector is network-based, making it exploitable remotely. The CVSS v3.1 base score is 5.3, reflecting a medium severity primarily due to the impact on availability without affecting confidentiality or integrity. No known exploits are currently reported in the wild, and no official patches have been linked yet, indicating that organizations should monitor IBM advisories closely for updates. The vulnerability affects a widely used Java EE application server platform that hosts critical enterprise applications, making it a significant concern for organizations relying on WebSphere Liberty for their middleware infrastructure.

Detailed information about CVE-2025-36047: CWE-770 Allocation of Resources Without Limits or Throttling in IBM WebSphere Application Server Liberty affecting IB

CVE-2025-36047: CWE-770 Allocation of Resources Without Limits or Throttling in IBM WebSphere Application Server Liberty - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-36047: CWE-770 Allocation of Resources Without Limits or Throttling in IBM WebSphere Application Server Liberty

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.

Detailed information about CVE-2025-54867: CWE-61: UNIX Symbolic Link (Symlink) Following in youki-dev youki affecting youki-dev youki. Get real-time updates, t

CVE-2025-54867: CWE-61: UNIX Symbolic Link (Symlink) Following in youki-dev youki

CVE-2025-54867: CWE-61: UNIX Symbolic Link (Symlink) Following in youki-dev youki

Description

Technical Details

Related Threats

CVE-2025-8967: SQL Injection in itsourcecode Online Tour and Travel Management System

CVE-2025-8966: SQL Injection in itsourcecode Online Tour and Travel Management System

CVE-2025-8965: Unrestricted Upload in linlinjava litemall

CVE-2025-36047: CWE-770 Allocation of Resources Without Limits or Throttling in IBM WebSphere Application Server Liberty

CVE-2025-33142: CWE-295 Improper Certificate Validation in IBM WebSphere Application Server

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility