CVE-2025-13485

7.3 HIGH

📋 TL;DR

CVE-2025-13485 is an SQL injection vulnerability in itsourcecode Online File Management System 1.0 that allows attackers to execute arbitrary SQL commands via the Username parameter in the login function. This affects all deployments of version 1.0 of the software. Remote attackers can potentially access, modify, or delete database contents.

💻 Affected Systems

Products:
  • itsourcecode Online File Management System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.0 are vulnerable. No specific configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, authentication bypass, remote code execution, or system takeover.

🟠 Likely Case: Unauthorized data access, credential theft, and potential privilege escalation.

🟢 If Mitigated: Limited impact if proper input validation and WAF rules block malicious requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub. Attack requires no authentication and uses simple SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://itsourcecode.com/

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

WAF Rule Implementation

Applies to: all

Deploy web application firewall rules to block SQL injection patterns in login requests.

Example ModSecurity rule:

    SecRule ARGS:Username "@detectSQLi" "id:1001,phase:2,deny,status:403"

Because the login is submitted as a POST, this rule only sees the Username field when request body inspection is enabled (SecRequestBodyAccess On); with body access off, ARGS contains only query-string parameters and the rule will not fire.

Input Validation Filter

Applies to: all

Add server-side input validation to sanitize the Username parameter before it is used in a query.

PHP example:

    $username = mysqli_real_escape_string($conn, $_POST['Username']);

Escaping only protects a value that is placed inside quotes in the SQL string; a parameterized (prepared) query removes the dependency on quoting altogether and is the more robust fix.
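A hardened login handler, added here as an illustration and not code from the Online File Management System: it binds the Username value as a prepared-statement parameter so the input cannot alter the query, and checks the password against a stored hash. The table and column names (users, id, username, password) and the connection variable $conn are assumptions.

```php
<?php
// Added example, not the project's own code.
// Assumed schema: table `users` with columns `id`, `username`, `password`,
// where `password` holds a password_hash() value. $conn is an open mysqli handle.

function login(mysqli $conn, string $username, string $password): ?array
{
    // Bind the username as a parameter: the SQL text and the value travel
    // separately, so input such as admin' OR '1'='1 is compared as a literal
    // string and cannot change the structure of the query.
    $stmt = $conn->prepare(
        'SELECT id, username, password FROM users WHERE username = ? LIMIT 1'
    );
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // Verify the password in PHP against the stored hash, never in the WHERE clause.
    if ($row === null || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);
    return $row;
}

// Usage inside the login action (request parameters are untrusted strings).
// $conn = new mysqli('localhost', 'db_user', 'db_pass', 'ofms'); // assumed credentials
// $user = login($conn, (string)($_POST['Username'] ?? ''), (string)($_POST['Password'] ?? ''));
// if ($user === null) { http_response_code(401); exit('Invalid credentials'); }
```

The same pattern applies to any other query in the application that currently concatenates request parameters into SQL.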

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict to internal network only.
  • Implement strict network segmentation and monitor all traffic to /ajax.php?action=login endpoint.

🔍 How to Verify

Check if Vulnerable:

Test the /ajax.php?action=login endpoint with SQL injection payloads in Username parameter (e.g., admin' OR '1'='1).

Check Version:

Check software version in admin panel or readme files. Default installation is version 1.0.

Verify Fix Applied:

Verify that SQL injection attempts return error messages or are blocked without executing.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL syntax in Username parameter
  • Multiple failed login attempts with SQL characters
  • Database error messages in application logs

Network Indicators:

  • HTTP POST requests to /ajax.php?action=login with SQL keywords in parameters
  • Unusual traffic patterns to login endpoint

SIEM Query:

source="web_logs" AND uri="/ajax.php" AND query="action=login" AND (Username="*'*" OR Username="*OR*" OR Username="*UNION*" OR Username="*SELECT*")
