CVE-2025-5006
SQL Injection Vulnerability in Campcodes Online Shopping Portal 1.0
Overview
A critical sql injection vulnerability has been discovered in Campcodes Online Shopping Portal 1.0, affecting an unknown function of the file /admin/category.php.
Technical Details
The vulnerability lies within the manipulation of the argument Category that leads to an SQL Injection, and could be exploited remotely, posing serious threat to the integrity of the system.
CVSS Metrics
- Base score: 7.3
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges Required: NONE
- User interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: LOW
Impact
This vulnerability can lead to unauthorized viewing, modification or deletion of the records in the database, potentially leading to a total compromise of the affected system.
Recommendations
To mitigate the vulnerability, users are advised to verify and sanitize the input provided, and consider implementing a protective mechanism against SQL Injection attacks.
Threat Metrics
- "cvss_score": 7.3
- "severity": "MEDIUM"
- "attack_vector": "NETWORK"
- "attack_complexity": "LOW"
- "privileges_required": "NONE"
- "user_interaction": "NONE"
- "confidentiality_impact": "LOW"
- "integrity_impact": "LOW"
- "availability_impact": "LOW"