CVE-2025-0561
Published: 19 January 2025
Description
Adversaries may leverage databases to mine valuable information.
Security Summary
CVE-2025-0561 is a critical SQL injection vulnerability in itsourcecode Farm Management System 1.0, published on 2025-01-19. The issue affects unknown code within the file /add-pig.php, where manipulation of the pigno argument enables SQL injection. It is associated with CWEs CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-89 (SQL Injection), and carries a CVSS 3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
The vulnerability is remotely exploitable over the network with low complexity and no user interaction required. Exploitation demands low privileges (PR:L), such as a valid low-level account, allowing an attacker to achieve low-impact violations of confidentiality, integrity, and availability through SQL injection techniques.
Advisories and details are documented on VulDB (https://vuldb.com/?ctiid.292522, https://vuldb.com/?id.292522, https://vuldb.com/?submit.483396) and a GitHub issue (https://github.com/yunhai666/cve/issues/1), with the vendor site at https://itsourcecode.com/. The exploit has been publicly disclosed and may be used by attackers.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in public-facing web application (/add-pig.php) enables exploitation (T1190) and unauthorized access to database contents (T1213.006).