CVE-2025-5077
SQL injection in Campcodes Online Shopping Portal 1.0 via the Category parameter of /admin/edit-subcategory.php
Overview
A vulnerability has been found in Campcodes Online Shopping Portal 1.0 in the file /admin/edit-subcategory.php; the published advisory does not identify the affected function within that file. Manipulation of the argument Category leads to SQL injection. The upstream advisory classifies the issue as critical, while its CVSS 4.0 base score of 6.9 falls in the Medium band (4.0 to 6.9).
Technical Details
The issue arises from the handling of the 'Category' field when a subcategory is edited through '/admin/edit-subcategory.php'. The value is used in a SQL statement without adequate validation or parameterization, so an attacker who controls it can change the structure of the query rather than just its data. According to the published metrics the attack can be carried out remotely over the network and requires neither credentials nor user interaction. Note, however, that the endpoint lives under /admin/: verify whether the deployment enforces authentication on that path, because that determines who can actually reach the vulnerable parameter.
CVSS Metrics
- version: 4.0
- baseScore: 6.9
- attackVector: NETWORK
- attackComplexity: LOW
- privilegesRequired: NONE
- userInteraction: NONE
- vulnConfidentialityImpact: LOW
- vulnIntegrityImpact: LOW
- vulnAvailabilityImpact: LOW
Impact
An attacker who can inject SQL through this parameter can read or modify data in the application's database, compromising confidentiality and integrity, and may also affect availability. The published vector rates all three impacts as Low.
Recommendations
Update to a fixed release if the vendor provides one. In code, never concatenate request parameters into SQL text: use prepared statements with bound parameters, validate fields that have a known shape against an allow-list (for example coerce a numeric id to an integer and length-limit free text), and restrict /admin/ endpoints to authenticated administrators.
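As an added example covering both the Technical Details and the Recommendations above, the PHP below shows the query-building pattern that produces this class of bug next to a hardened version using mysqli prepared statements. This is not code from Campcodes Online Shopping Portal or from the advisory: the table and column names (tblsubcategory, category, subcategory, id), the function names and the request handling are assumptions chosen to illustrate the pattern, and the actual contents of /admin/edit-subcategory.php are not reproduced. The hostile input at the bottom is a constructed value showing how a single quote breaks out of the string literal.

```php
<?php
// Added illustration for CVE-2025-5077. Not code from Campcodes Online Shopping Portal:
// the table/column names (tblsubcategory, category, subcategory, id) and the
// function names are hypothetical, chosen only to show the pattern.

/**
 * Vulnerable pattern (assumed): request data is interpolated straight into the
 * SQL text. Returned as a string so the effect of a hostile value can be seen
 * without a database connection.
 */
function buildUpdateUnsafe(string $category, string $subcategory, string $id): string
{
    return "UPDATE tblsubcategory SET category='$category', subcategory='$subcategory' WHERE id=$id";
}

/**
 * Hardened version: the SQL text contains only placeholders; the values travel
 * to the server separately and are never parsed as SQL. A quote inside
 * $category is stored as a quote, nothing more.
 */
function updateSubcategorySafe(mysqli $db, string $category, string $subcategory, int $id): bool
{
    $stmt = $db->prepare(
        'UPDATE tblsubcategory SET category = ?, subcategory = ? WHERE id = ?'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ssi', $category, $subcategory, $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

/**
 * Minimal request handling for the hardened path: the id is coerced to an
 * integer and the free-text fields are length-limited before they reach the
 * query. Authentication for the /admin/ path is assumed to be enforced
 * elsewhere (a front controller or session check).
 */
function handleEditRequest(mysqli $db, array $post): bool
{
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $category    = trim((string)($post['category'] ?? ''));
    $subcategory = trim((string)($post['subcategory'] ?? ''));
    if ($category === '' || $subcategory === ''
        || strlen($category) > 255 || strlen($subcategory) > 255) {
        throw new InvalidArgumentException('category/subcategory must be 1-255 characters');
    }
    return updateSubcategorySafe($db, $category, $subcategory, $id);
}

// Demonstration with a constructed hostile value (no database needed): the
// single quote in the Category field terminates the string literal in the
// vulnerable builder, so the rest of the value is parsed as SQL rather than
// stored as data. The same value passed through updateSubcategorySafe() would
// simply be written to the column verbatim.
$hostile = "Books' OR '1'='1";
echo buildUpdateUnsafe($hostile, 'Fiction', '7'), PHP_EOL;
```

The key design point is that `updateSubcategorySafe()` never builds SQL from user data at all; the allow-list checks in `handleEditRequest()` are defence in depth, not the control that prevents the injection.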
Threat Metrics
- cvss_score: 6.9
- severity: MEDIUM
- attack_vector: NETWORK
- attack_complexity: LOW