MEDIUM Severity

CVE-2025-5057

SQL Injection vulnerability in Campcodes Online Shopping Portal 1.0

Overview

This vulnerability was discovered in Campcodes Online Shopping Portal 1.0 in the functionality of the file /admin/insert-product.php. The manipulated argument 'Category' leads to SQL injection. The attack can be launched remotely.

Technical Details

The affected component is an unspecified function in the file /admin/insert-product.php. Manipulating the 'Category' argument results in SQL injection. Because the attack can be carried out remotely, exposure is potentially widespread.

CVSS Metrics

  • baseScore: 7.3
  • baseSeverity: HIGH
  • attackVector: NETWORK
  • attackComplexity: LOW
  • confidentialityImpact: LOW
  • integrityImpact: LOW
  • availabilityImpact: LOW

Impact

Exploitation can affect confidentiality, integrity, and availability. Because the attack can be launched remotely, its impact can be widespread.

Recommendations

Implement proper sanitization and validation of the inputs. Perform regular security reviews and updates. A patch resolving this vulnerability may already be available from the software developer.
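
One way to apply the input validation recommended above to a product-insert handler that receives a 'Category' argument. This is an added example, not code from Campcodes Online Shopping Portal: the function name insertProduct, the productName field, and the category/products tables are assumptions, and an in-memory SQLite database is constructed so it runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical handler: validates 'Category' and binds it as a parameter.
function insertProduct(PDO $db, array $post): int
{
    // Category is expected to be a numeric id: reject anything else outright.
    $category = filter_var($post['Category'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($category === false || $category === null) {
        throw new InvalidArgumentException('Category must be a positive integer');
    }
    $name = trim((string)($post['productName'] ?? ''));
    if ($name === '' || strlen($name) > 255) {
        throw new InvalidArgumentException('Invalid product name');
    }
    // Confirm the id refers to an existing category (bound, never concatenated).
    $check = $db->prepare('SELECT 1 FROM category WHERE id = :id');
    $check->execute([':id' => $category]);
    if ($check->fetchColumn() === false) {
        throw new InvalidArgumentException('Unknown category');
    }
    $stmt = $db->prepare('INSERT INTO products (category, name) VALUES (:cat, :name)');
    $stmt->bindValue(':cat', $category, PDO::PARAM_INT);
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return (int)$db->lastInsertId();
}

// Constructed in-memory database (assumed schema) so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, category INTEGER, name TEXT)');
$db->exec("INSERT INTO category (id, name) VALUES (1, 'Books')");

// Constructed inputs: well-formed, SQL metacharacters, and an unknown id.
$samples = [
    ['Category' => '1', 'productName' => 'Sample'],
    ['Category' => "1' OR '1'='1", 'productName' => 'Sample'],
    ['Category' => '99', 'productName' => 'Sample'],
];
foreach ($samples as $post) {
    try {
        echo 'inserted id ', insertProduct($db, $post), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the first sample is stored; the other two are rejected before any INSERT statement is prepared.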

Threat Metrics

  • cvss_score: 7.3
  • severity: MEDIUM
  • attack_vector: NETWORK
  • attack_complexity: LOW
  • user_interaction: NONE
  • scope: UNCHANGED