CVE Alert: CVE-2025-9811 – Campcodes – Farm Management System
CVE-2025-9811
A vulnerability was found in Campcodes Farm Management System 1.0. It affects an unknown part of the file /reviewInput.php. Manipulating the argument rating leads to SQL injection. The attack can be carried out remotely. The exploit has been made public and could be used.
AI Summary Analysis
Risk verdict
High risk: a publicly available exploit enables remote, unauthenticated SQL injection, increasing the likelihood of data disclosure or tampering; KEV/EPSS indicators are not provided to confirm a formal prioritisation.
Why this matters
The vulnerability affects a web-accessible farm management system, enabling an attacker to read or modify database records without authentication. In practice, this can disrupt operational data, compromise farm records, and potentially facilitate further intrusion or data exfiltration, impacting regulatory compliance and operational resilience.
Most likely attack path
An attacker could reach the vulnerable endpoint over the internet, exploit the rating parameter via a crafted request, and trigger SQL injection with no user interaction and no privileges required. The impact spans confidentiality, integrity, and availability, with no scope change, suggesting the attacker could extract or corrupt data and degrade service in a single opportunistic step.
Who is most exposed
Publicly reachable or misconfigured deployments of the system (especially cloud-hosted or internet-exposed instances) are at greatest risk; small and mid-size organisations operating web-accessible farm-management interfaces are most vulnerable.
Detection ideas
- Unusual HTTP requests targeting the vulnerable endpoint with anomalous rating values
- Database error messages or latency spikes linked to specific inputs
- SQL error traces in application logs or DB logs
- Sudden data anomalies or record inconsistencies
- IDS/IPS signatures for SQL injection patterns
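The first three detection ideas can be checked directly against web-server access logs. The following is an added example, not code from the advisory or from the Campcodes project: it parses combined-format log lines, isolates requests to /reviewInput.php, and flags any rating value that is not a plain small integer (the 1 to 5 range is an assumption about the application; adjust it to the real one). The log lines are constructed for the example. Because access logs carry only the query string, this catches GET/query-string submissions; a POST body would need request logging at the application or WAF layer.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: client IP, timestamp, request line, status (other fields ignored).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

ENDPOINT = "/reviewInput.php"   # vulnerable file named in the advisory
PARAM = "rating"                # vulnerable argument named in the advisory
RATING_RE = re.compile(r"^[1-5]$")  # assumption: a 1-5 star rating

def check_line(line):
    """Return a finding dict if the line carries an implausible rating value, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != ENDPOINT:
        return None
    # parse_qs percent-decodes values, so "4%27" is inspected as "4'"; every
    # occurrence is checked so a duplicated parameter cannot hide a bad value.
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        if not RATING_RE.match(value):
            return {"ip": m.group("ip"), "ts": m.group("ts"),
                    "rating": value, "status": m.group("status")}
    return None

def scan(lines):
    """Run check_line over an iterable of log lines and collect the findings."""
    return [f for f in (check_line(l) for l in lines) if f]

# Constructed sample log lines (not real traffic); the second and fourth are suspicious.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Sep/2025:12:00:01 +0000] "GET /reviewInput.php?rating=4&id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Sep/2025:12:00:05 +0000] "GET /reviewInput.php?rating=4%27&id=7 HTTP/1.1" 500 231 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Sep/2025:12:00:09 +0000] "GET /index.php?rating=abc HTTP/1.1" 200 100 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Sep/2025:12:00:12 +0000] "GET /reviewInput.php?id=7&rating=5&rating=%20 HTTP/1.1" 200 512 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A non-numeric rating paired with a 500 status (as in the second sample line) is the strongest signal, since it matches the "database error messages linked to specific inputs" idea as well.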
Mitigation and prioritisation
- Apply the latest vendor patch or upgrade to a fixed release immediately
- Implement parameterised queries/prepared statements and robust input validation
- Disable detailed DB error messages in responses and return generic errors to clients
- Deploy WAF rules to block SQLi patterns on the affected endpoint
- Review network exposure and restrict access to trusted networks; reinforce change-management testing before rollout
- If KEV/EPSS indicators become available, adjust to treat as priority 1