MEDIUM Severity

CVE-2025-5056

SQL Injection in Campcodes Online Shopping Portal 1.0

Overview

A critical SQL injection vulnerability has been discovered in Campcodes Online Shopping Portal 1.0, in an unspecified function of the file /admin/edit-products.php. Manipulating the Category argument leads to SQL injection.

Technical Details

An SQL injection vulnerability exists in the /admin/edit-products.php file of Campcodes Online Shopping Portal 1.0 due to improper sanitization of the Category input. This allows a remote attacker to execute arbitrary SQL commands and manipulate the database.

CVSS Metrics

  • CVSS score: 7.3
  • Severity: MEDIUM
  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • User interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality impact: LOW
  • Integrity impact: LOW
  • Availability impact: LOW

Impact

Exploiting this vulnerability would allow an attacker to compromise the integrity, confidentiality, and availability of the target system and its data.

Recommendations

Preventive measures include updating the software to its latest version, implementing proper input validation or sanitization measures, and following secure coding practices.
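
The sketch below shows one way to apply the input validation and secure coding recommended above to a Category value. It is an added example, not code from Campcodes or from this advisory. The function name, the products table, its columns, the assumption that Category is an integer id, and the in-memory SQLite database standing in for the application's database are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical schema and function name. The real
// edit-products.php code is not shown in the advisory.

/**
 * Update a product's category using allow-list validation and bound
 * parameters. Returns true when exactly one row was updated.
 */
function updateProductCategory(PDO $pdo, int $productId, mixed $rawCategory): bool
{
    // Assumption: Category is a positive integer id. Anything else is rejected
    // before it reaches the database layer.
    $category = filter_var(
        $rawCategory,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($category === false) {
        return false;
    }

    // Placeholders keep request data out of the SQL text, so the value is
    // always treated as data and never parsed as SQL.
    $stmt = $pdo->prepare(
        'UPDATE products SET category = :category WHERE id = :id'
    );
    $stmt->bindValue(':category', $category, PDO::PARAM_INT);
    $stmt->bindValue(':id', $productId, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, category INTEGER)');
$pdo->exec('INSERT INTO products (id, category) VALUES (1, 3), (2, 3)');

// A well-formed category id is accepted and updates one row.
var_dump(updateProductCategory($pdo, 1, '5'));
// A value that is not a plain integer is refused without running any query.
var_dump(updateProductCategory($pdo, 1, '5 trailing text'));
```

Validation and parameter binding are used together here: the binding is what removes the injection path, while the integer check rejects malformed requests early.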
