A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expense_category.php. The manipulation of the argument expense_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-8984: SQL Injection in itsourcecode Online Tour and Travel Management System affecting itsourcecode Online Tour and Travel M

CVE-2025-8984: SQL Injection in itsourcecode Online Tour and Travel Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8984: SQL Injection in itsourcecode Online Tour and Travel Management System

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expense_for leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8983 is a SQL Injection vulnerability identified in version 1.0 of the itsourcecode Online Tour and Travel Management System. The vulnerability exists due to improper sanitization or validation of the 'expense_for' parameter processed by the /admin/operations/expense.php file. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially altering the intended database queries. This can lead to unauthorized data access, data modification, or even deletion within the backend database. The vulnerability requires no authentication or user interaction, making it remotely exploitable by any attacker with network access to the affected system. The CVSS v4.0 score is 6.9 (medium severity), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, but limited impact on confidentiality, integrity, and availability (each rated low). Although no known exploits are currently observed in the wild, the public disclosure of the vulnerability increases the risk of exploitation. The affected product is a niche tour and travel management system, which likely manages sensitive customer and financial data, making the exploitation potentially impactful for organizations relying on this software for their operations.

Detailed information about CVE-2025-8983: SQL Injection in itsourcecode Online Tour and Travel Management System affecting itsourcecode Online Tour and Travel M

CVE-2025-8983: SQL Injection in itsourcecode Online Tour and Travel Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8983: SQL Injection in itsourcecode Online Tour and Travel Management System

On Going Malvertising Attack Spreads New Crypto Stealing PS1Bot Malware

Source: https://hackread.com/malvertising-attack-crypto-stealing-ps1bot-malware/

The reported security threat involves an ongoing malvertising campaign distributing a new cryptocurrency-stealing malware named PS1Bot. Malvertising, or malicious advertising, is a technique where attackers inject malicious code into legitimate online advertising networks or websites, which then deliver malware to users visiting those sites. PS1Bot is designed specifically to target cryptocurrency assets by stealing wallet credentials, private keys, or other sensitive information related to cryptocurrency holdings. The malware likely uses PowerShell scripts (indicated by the 'PS1' prefix) to execute its payload, which is a common tactic for evading traditional antivirus detection and leveraging native Windows scripting capabilities. While detailed technical indicators and affected software versions are not provided, the attack vector through malvertising suggests a broad and opportunistic distribution method, potentially affecting any users who visit compromised or maliciously injected websites. The campaign is currently active, but there are no known exploits in the wild beyond the malvertising distribution method itself. The discussion and visibility of this threat remain limited, with minimal community engagement on Reddit, but the source is recent and considered newsworthy due to the malware's focus on cryptocurrency theft, a high-value target for cybercriminals.

Reddit InfoSec News

Detailed information about On Going Malvertising Attack Spreads New Crypto Stealing PS1Bot Malware. Get real-time updates, technical details, and mitigation str

On Going Malvertising Attack Spreads New Crypto Stealing PS1Bot Malware - Live Threat Intelligence - Threat Radar | OffSeq.com

On Going Malvertising Attack Spreads New Crypto Stealing PS1Bot Malware

Reddit Discussion: On Going Malvertising Attack Spreads New Crypto Stealing PS1Bot Malware

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument curr_code leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8982 is a SQL Injection vulnerability identified in version 1.0 of the itsourcecode Online Tour and Travel Management System. The flaw exists in the /admin/operations/currency.php file, specifically through the manipulation of the 'curr_code' parameter. This parameter is vulnerable to injection of malicious SQL code, allowing an unauthenticated remote attacker to execute arbitrary SQL commands on the backend database. The vulnerability does not require any user interaction or privileges, making it remotely exploitable over the network. The CVSS 4.0 base score is 6.9, indicating a medium severity level. The attack vector is network-based with low attack complexity and no privileges or user interaction needed. The impact on confidentiality, integrity, and availability is low to limited, suggesting that while the attacker can manipulate some data or extract information, the scope and severity of damage are somewhat constrained. No patches or fixes have been published yet, and no known exploits are reported in the wild, but the exploit details have been publicly disclosed, increasing the risk of exploitation. The vulnerability affects only version 1.0 of the product, which is a niche online tour and travel management system used primarily by travel agencies or related businesses to manage bookings, currency operations, and other administrative tasks.

Detailed information about CVE-2025-8982: SQL Injection in itsourcecode Online Tour and Travel Management System affecting itsourcecode Online Tour and Travel M

CVE-2025-8982: SQL Injection in itsourcecode Online Tour and Travel Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8982: SQL Injection in itsourcecode Online Tour and Travel Management System

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Detailed information about CVE-2025-8985: SQL Injection in SourceCodester COVID 19 Testing Management System affecting SourceCodester COVID 19 Testing Managemen

CVE-2025-8985: SQL Injection in SourceCodester COVID 19 Testing Management System

CVE-2025-8985: SQL Injection in SourceCodester COVID 19 Testing Management System

Description

Technical Details

Related Threats

CVE-2025-8984: SQL Injection in itsourcecode Online Tour and Travel Management System

CVE-2025-8983: SQL Injection in itsourcecode Online Tour and Travel Management System

CVE-2025-8982: SQL Injection in itsourcecode Online Tour and Travel Management System

CVE-2025-8981: SQL Injection in itsourcecode Online Tour and Travel Management System

CVE-2025-50862: n/a

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility