A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /t_dashboard/r_all_info.php. The manipulation of the argument mid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

CVE Database V5

Detailed information about CVE-2025-9645: SQL Injection in itsourcecode Apartment Management System affecting itsourcecode Apartment Management System. Get real

CVE-2025-9645: SQL Injection in itsourcecode Apartment Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9645: SQL Injection in itsourcecode Apartment Management System

A vulnerability was found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

CVE-2025-9643 is a medium-severity SQL Injection vulnerability identified in version 1.0 of the itsourcecode Apartment Management System. The vulnerability resides in the /setting/utility_bill_setup.php file, specifically in the handling of the txtGasBill parameter. An attacker can manipulate this parameter to inject malicious SQL code remotely without requiring any authentication or user interaction. This allows the attacker to potentially execute arbitrary SQL commands on the backend database. The vulnerability is exploitable over the network (AV:N) with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact on confidentiality, integrity, and availability is limited (VC:L, VI:L, VA:L), indicating partial but not complete compromise of data or system functionality. Although no public exploits are currently known in the wild, the exploit code has been made publicly available, increasing the risk of exploitation. The vulnerability affects only version 1.0 of the product, and no official patches or mitigations have been published yet. The CVSS 4.0 score of 6.9 reflects a medium severity level, primarily due to the ease of exploitation and the potential for unauthorized data access or modification through SQL injection attacks.

Detailed information about CVE-2025-9643: SQL Injection in itsourcecode Apartment Management System affecting itsourcecode Apartment Management System. Get real

CVE-2025-9643: SQL Injection in itsourcecode Apartment Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9643: SQL Injection in itsourcecode Apartment Management System

Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain

Source: https://thehackernews.com/2025/08/feds-seize-64m-veriftools-fake-id.html

The reported threat concerns the VerifTools fake-ID marketplace, an illicit online platform facilitating the sale of counterfeit identification documents. Law enforcement agencies recently seized assets totaling $6.4 million linked to this marketplace, indicating its significant scale and impact. Despite this disruption, the operators have relaunched the marketplace on a new domain, demonstrating resilience and persistence in their criminal activities. The marketplace primarily supports phishing and identity fraud schemes by providing fake IDs that can be used to bypass identity verification processes, enabling fraudsters to impersonate legitimate individuals. This facilitates a range of criminal activities including financial fraud, money laundering, and unauthorized access to services. The technical details are limited, but the threat is categorized under phishing, suggesting that the fake IDs may be leveraged in social engineering attacks or to create credible fraudulent identities for phishing campaigns. The operators’ ability to quickly re-establish the marketplace on a new domain highlights the challenges law enforcement faces in fully dismantling such cybercriminal infrastructures. Although no direct exploits or vulnerabilities are associated with software or hardware, the threat represents a significant social engineering and identity fraud risk vector.

Reddit InfoSec News

Detailed information about Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain. Get real-time updates, technical details, and 

Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain - Live Threat Intelligence - Threat Radar | OffSeq.com

Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain

Reddit Discussion: Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain

TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies

Source: https://thehackernews.com/2025/08/tamperedchef-malware-disguised-as-fake.html

The TamperedChef malware is a newly identified threat that masquerades as fake PDF editor software to deceive users into installing it. Once installed, the malware focuses on stealing sensitive user credentials and browser cookies. These stolen artifacts can be leveraged by attackers to gain unauthorized access to user accounts, bypass authentication mechanisms, and potentially escalate privileges within compromised environments. The malware’s disguise as a legitimate PDF editor exploits common user behavior, as PDF editing tools are widely used and trusted. The absence of affected software versions or patches suggests that this malware operates independently of specific vulnerabilities in existing software, relying instead on social engineering and deception for initial infection. The technical details indicate limited public discussion and minimal indicators of compromise currently available, which may hinder early detection and response efforts. Although no known exploits in the wild have been reported, the high severity rating reflects the potential impact of credential and cookie theft on organizational security. The malware’s ability to harvest authentication tokens and credentials can facilitate lateral movement, data exfiltration, and persistent access in targeted environments.

Detailed information about TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies. Get real-time updates, technical details, and miti

TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies - Live Threat Intelligence - Threat Radar | OffSeq.com

TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies

Reddit Discussion: TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies

A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Executing manipulation of the argument txtBillType can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Detailed information about CVE-2025-9644: SQL Injection in itsourcecode Apartment Management System affecting itsourcecode Apartment Management System. Get real

CVE-2025-9644: SQL Injection in itsourcecode Apartment Management System

CVE-2025-9644: SQL Injection in itsourcecode Apartment Management System

Description

Technical Details

Related Threats

CVE-2025-9645: SQL Injection in itsourcecode Apartment Management System

CVE-2025-9643: SQL Injection in itsourcecode Apartment Management System

CVE-2025-40705: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in ACDH-CH OpenAtlas

CVE-2025-40704: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in ACDH-CH OpenAtlas

CVE-2025-40703: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in ACDH-CH OpenAtlas

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility