CVE-2025-9426 – iSourcecode Online Tour and Travel Management System SQL Injection

August 25, 2025

CVE ID : CVE-2025-9426

Published : Aug. 25, 2025, 11:15 p.m. | 2 hours, 41 minutes ago

Description : A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9429 – Mtons Mblog Cross Site Scripting Vulnerability

Next Article CVE-2025-9425 – iSourcecode Online Tour and Travel Management System SQL Injection Vulnerability

Highlights

CVE-2025-6729 – WordPress PayMaster for WooCommerce SSRF Vulnerability

July 3, 2025

CVE ID : CVE-2025-6729

Published : July 4, 2025, 3:15 a.m. | 22 minutes ago

Description : The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the ‘wp_ajax_paym_status’ AJAX action This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Optimizing PWAs For Different Display Modes

Node.js Web App Development Costs: A 2025 Executive Pricing Guide

Google locking down Android security with upcoming developer verification requirements for sideloaded apps

Microsoft donates DocumentDB to the Linux Foundation

Rediscovering joy in learning: Jason Lengstorf on the state of development

Representative Line: Not What They Meant By Watching “AndOr”

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

Log Outgoing HTTP Requests with the Laravel Spy Package

Log Outgoing HTTP Requests with the Laravel Spy Package

devdojo/auth

Rust Slices: Cutting Into References the Safe Way

GitHub Copilot for Azure Debuts in Visual Studio 2022

GitHub Copilot for Azure Debuts in Visual Studio 2022

How to Enable HDR in Stalker 2 Step by Step

Microsoft’s Latest Edge Survey Hints at Upcoming Copilot Mode Upgrades

CVE-2025-9426 – iSourcecode Online Tour and Travel Management System SQL Injection

CVE-2025-55575 – SMM Panel SQL Injection

CVE-2025-9443 – Tenda CH22 Buffer Overflow Vulnerability

YouTube just spoiled one of 2025’s biggest games for me, so I downloaded this cool browser extension to make sure it never happens again

CVE-2024-42213 – HCL BigFix Compliance Information Disclosure

CVE-2025-46675 – NASA CryptoLib Cryptographic Key State Validation Bypass

How to Force www or non-www in htaccess

CVE-2025-6729 – WordPress PayMaster for WooCommerce SSRF Vulnerability

CVE-2025-3999 – Seeyon Zhiyuan OA Web Application System Cross-Site Scripting Vulnerability

Citrix warns of login issues after NetScaler auth bypass patch

Windows Hello face unlock no longer works in the dark, and Microsoft says it’s not a bug

CVE-2025-9426 – iSourcecode Online Tour and Travel Management System SQL Injection

Related Posts