Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal.This issue affects Printeers Print & Ship: from n/a through 1.17.0.

CVE Database V5

Detailed information about CVE-2025-48081: CWE-35 Path Traversal: '.../...//' in Printeers Printeers Print & Ship affecting Printeers Printeers Print & Ship. Ge

CVE-2025-48081: CWE-35 Path Traversal: '.../...//' in Printeers Printeers Print & Ship - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-48081: CWE-35 Path Traversal: '.../...//' in Printeers Printeers Print & Ship

A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fair_info_all.php. Performing manipulation of the argument fid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

CVE-2025-9509 is a SQL Injection vulnerability identified in version 1.0 of the itsourcecode Apartment Management System. The flaw exists in the processing of the 'fid' parameter within the /report/fair_info_all.php file. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access to or modification of the backend database. The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. The CVSS 4.0 base score of 6.9 reflects a medium severity rating, indicating that while the attack vector is network-based and requires no privileges, the impact on confidentiality, integrity, and availability is limited to low levels. The vulnerability does not affect system confidentiality, integrity, or availability to a critical extent but can lead to unauthorized data disclosure or minor data manipulation. No official patches have been released yet, and although no known exploits are currently active in the wild, a public exploit has been published, increasing the risk of exploitation. This vulnerability highlights a common web application security issue where insufficient input validation or parameterized queries allow attackers to execute arbitrary SQL commands, which can compromise the database and potentially the entire application environment if leveraged further.

Detailed information about CVE-2025-9509: SQL Injection in itsourcecode Apartment Management System affecting itsourcecode Apartment Management System. Get real

CVE-2025-9509: SQL Injection in itsourcecode Apartment Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9509: SQL Injection in itsourcecode Apartment Management System

A vulnerability was detected in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /report/rented_info.php. The manipulation of the argument rsid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

CVE-2025-9508 is a SQL Injection vulnerability identified in version 1.0 of the itsourcecode Apartment Management System, specifically within an unspecified function in the /report/rented_info.php file. The vulnerability arises due to improper sanitization or validation of the 'rsid' parameter, which is susceptible to malicious input manipulation. An attacker can exploit this flaw remotely without any authentication or user interaction, by crafting specially designed input to the 'rsid' parameter, enabling them to inject arbitrary SQL commands. This can lead to unauthorized access to the backend database, allowing the attacker to read, modify, or delete sensitive data related to apartment rental information. The vulnerability has a CVSS 4.0 base score of 6.9, categorized as medium severity, reflecting that while the attack vector is network-based with low attack complexity and no privileges or user interaction required, the impact on confidentiality, integrity, and availability is limited to low. The exploit code is publicly available, increasing the risk of exploitation, although no active exploitation in the wild has been reported yet. Since the vulnerability affects a management system used for apartment rentals, the data exposed could include tenant information, rental agreements, payment records, and other personally identifiable information (PII), which could be leveraged for further attacks or identity theft.

Detailed information about CVE-2025-9508: SQL Injection in itsourcecode Apartment Management System affecting itsourcecode Apartment Management System. Get real

CVE-2025-9508: SQL Injection in itsourcecode Apartment Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9508: SQL Injection in itsourcecode Apartment Management System

A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitor_info.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

CVE-2025-9507 is a SQL Injection vulnerability identified in version 1.0 of the itsourcecode Apartment Management System, specifically within the /report/visitor_info.php file. The vulnerability arises from improper sanitization or validation of the 'vid' parameter, which is used in SQL queries. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access to the backend database. This can lead to unauthorized data disclosure, data modification, or even complete compromise of the database server. The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. The CVSS 4.0 score of 6.9 (medium severity) reflects the ease of exploitation (no privileges or user interaction required) but limited impact on confidentiality, integrity, and availability (all rated low to limited). No official patches have been published yet, and although no known exploits are reported in the wild, a public exploit is available, increasing the risk of exploitation. The vulnerability affects only version 1.0 of the product, which is an apartment management system likely used by property management companies to handle visitor logs and related data. Given the nature of the system, the database may contain sensitive personal information about residents and visitors, making the confidentiality impact significant if exploited.

Detailed information about CVE-2025-9507: SQL Injection in itsourcecode Apartment Management System affecting itsourcecode Apartment Management System. Get real

CVE-2025-9507: SQL Injection in itsourcecode Apartment Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9507: SQL Injection in itsourcecode Apartment Management System

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /branch/addbranch.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Detailed information about CVE-2025-9510: SQL Injection in itsourcecode Apartment Management System affecting itsourcecode Apartment Management System. Get real

CVE-2025-9510: SQL Injection in itsourcecode Apartment Management System

CVE-2025-9510: SQL Injection in itsourcecode Apartment Management System

Description

Technical Details

Related Threats

CVE-2025-48081: CWE-35 Path Traversal: '.../...//' in Printeers Printeers Print & Ship

CVE-2025-9509: SQL Injection in itsourcecode Apartment Management System

CVE-2025-9508: SQL Injection in itsourcecode Apartment Management System

CVE-2025-9507: SQL Injection in itsourcecode Apartment Management System

CVE-2025-9506: SQL Injection in Campcodes Online Loan Management System

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility