SQL Injection Vulnerability in itsourcecode Agri-Trading Online Shopping System
CVE-2025-7193
Key Information:
- Vendor
Itsourcecode
- Vendor
- CVE Published:
- 8 July 2025
Badges
What is CVE-2025-7193?
A vulnerability in the itsourcecode Agri-Trading Online Shopping System allows for SQL injection through improper handling of the 'supplier' argument in the /admin/suppliercontroller.php file. This flaw enables remote attackers to execute unauthorized SQL queries, potentially compromising the database. As the exploit has been publicly disclosed, it poses a significant risk to users of version 1.0 of the product, necessitating immediate attention and remediation.
Affected Version(s)
Agri-Trading Online Shopping System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved