Platform: PHP
Fixed in: 1.0.1
A SQL injection vulnerability (CVE-2025-9833) affects SourceCodester Online Farm Management System version 1.0. The 'uname' parameter handled by /Login/login.php is inserted into a database query without being separated from the SQL text, so a remote attacker can alter the query before ever authenticating. A public proof-of-concept exists, which makes prompt remediation important. Version 1.0.1 addresses the issue.
Successful exploitation of CVE-2025-9833 can let an attacker bypass the login check and read from the application's database. That exposes data such as user credentials, farm inventory, financial records and other confidential information. Depending on the database account's privileges and the structure of the query, an attacker may also be able to modify or delete data and disrupt farm operations. Because a proof-of-concept is public, the barrier to exploitation is low, and organisations running this system should treat the fix as high priority.
The vulnerability was disclosed on 2025-09-02 and a public proof-of-concept is available, so it should be considered exploitable with little effort. A published proof-of-concept is not the same as confirmed in-the-wild exploitation, and the EPSS score below reflects a low predicted probability of exploitation; even so, exposed installations of the Online Farm Management System are easy targets for anyone who picks up the published exploit.
Exploit Status: public proof-of-concept available
EPSS: 0.03% (8th percentile)
CISA SSVC: not provided
CVSS Vector: not provided
The primary mitigation for CVE-2025-9833 is to upgrade to version 1.0.1 of the Online Farm Management System as soon as possible. If upgrading is not immediately feasible, change the login handler in /Login/login.php so that the 'uname' value (and the password) are passed to the database as bound parameters of a prepared statement rather than concatenated into the query string; this removes the injection point regardless of what the input contains. Input validation and escaping on 'uname' reduce the attack surface but are not a complete fix on their own, and a web application firewall (WAF) tuned to block SQL injection patterns adds a further layer but can be bypassed. After upgrading or patching, confirm the fix on a test copy of the application, with authorisation: submit a login request whose 'uname' value is a standard authentication-bypass payload and check that the response is the same failure a wrong password produces, while a valid credential still logs in.
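The following is an added example, not code from SourceCodester or from the Online Farm Management System, illustrating both the injection point described above and the post-fix verification step. It is written in Python against an in-memory SQLite database rather than the project's PHP and MySQL; the table and column names (users, uname, pass, role), the sample rows and the bypass payloads are all constructed for this illustration and are not the public proof-of-concept. The vulnerable function shows the string-concatenation pattern that makes 'uname' exploitable, the fixed function uses a parameterised query, and verify_fix runs the check a practitioner would apply after upgrading.

```python
import sqlite3
from typing import Optional, Tuple

Row = Optional[Tuple[int, str, str]]


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database. The real application's schema is not
    documented on this page, so the names below are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, uname TEXT, pass TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (uname, pass, role) VALUES (?, ?, ?)",
        [("admin", "s3cret-admin", "admin"), ("farmer1", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, uname: str, password: str) -> Row:
    """The anti-pattern behind CVE-2025-9833: request input is concatenated
    into the SQL text, so a crafted 'uname' rewrites the WHERE clause."""
    sql = (
        "SELECT id, uname, role FROM users "
        f"WHERE uname = '{uname}' AND pass = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_fixed(conn: sqlite3.Connection, uname: str, password: str) -> Row:
    """Parameterised query: the driver sends the values separately from the
    SQL text, so quotes and comment markers in 'uname' are plain characters.
    (Password hashing is omitted to keep the injection point in focus.)"""
    sql = "SELECT id, uname, role FROM users WHERE uname = ? AND pass = ?"
    return conn.execute(sql, (uname, password)).fetchone()


# Generic authentication-bypass payloads for the 'uname' field (constructed,
# not the published PoC). The '--' comment marker swallows the rest of the
# query, including the password comparison.
BYPASS_PAYLOADS = ["' OR 1=1 -- ", "admin' -- "]


def verify_fix(conn: sqlite3.Connection, login) -> dict:
    """Post-upgrade check: every bypass payload must fail to log in, and a
    valid credential must still succeed. Returns a per-payload report plus
    an overall 'vulnerable' flag."""
    results = {}
    for payload in BYPASS_PAYLOADS:
        results[payload] = login(conn, payload, "wrong-password") is not None
    results["valid_login_ok"] = login(conn, "farmer1", "hunter2") is not None
    results["vulnerable"] = any(results[p] for p in BYPASS_PAYLOADS)
    return results


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler:", verify_fix(db, login_vulnerable))
    print("fixed handler:     ", verify_fix(db, login_fixed))
```

Running the script shows the vulnerable handler returning the admin row for both payloads while the parameterised handler returns nothing for them and still accepts the valid credential. The same comparison, made against a staging copy of /Login/login.php, is what confirms that 1.0.1 or a local patch actually closed the hole.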
CVE-2025-9833 is a SQL injection vulnerability in Online Farm Management System version 1.0 that lets attackers manipulate database queries through the 'uname' parameter of /Login/login.php.
You are affected if you are using Online Farm Management System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 1.0.1. As a temporary measure, rewrite the login query in /Login/login.php to use a prepared statement with bound parameters; input validation on 'uname' alone is not a reliable defence.
A public proof-of-concept exists, so CVE-2025-9833 should be treated as readily exploitable. The EPSS score listed above (0.03%) indicates a low predicted likelihood of in-the-wild exploitation, and a public proof-of-concept is not by itself evidence of active attacks.
Refer to the SourceCodester website or their official communication channels for the advisory regarding CVE-2025-9833.