CVE-2025-9840 MEDIUM

CVE-2025-9840: itsourcecode Sports Management System gametype.php sql injection

Vendor Itsourcecode

Product Sports Management System

Weakness CWE-89 · SQLi

Published September 2, 2025

Last update September 3, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

Key dates

02Disclosure timeline

September 2, 2025 CVE published

September 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9840 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-3316 PHPGurukul Men Salon Management System search-invoices.php sql injection CVE-2025-4028 PHPGurukul COVID19 Testing Management System profile.php sql injection CVE-2023-47530 WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin <= 1.8.7 is vulnerable to SQL Injection CVE-2024-13909 Accredible Certificates & Open Badges <= 1.4.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter CVE-2025-4071 PHPGurukul COVID19 Testing Management System test-details.php sql injection