MEDIUM Severity

CVE-2025-5078

SQL Injection Vulnerability in Campcodes Online Shopping Portal 1.0

Overview

A vulnerability has been identified in the Campcodes Online Shopping Portal version 1.0. This critical SQL injection flaw lies within the /admin/subcategory.php file. The manipulation of the Category argument could potentially lead to unauthorized activities.

Technical Details

The flaw resides in unspecified code in the file /admin/subcategory.php. By manipulating the Category argument, an attacker can trigger an SQL injection. The attack can be initiated remotely and affects the data integrity of the portal.

CVSS Metrics

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Base Severity: HIGH
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW
  • Privileges Required: NONE
  • User Interaction: NONE

Impact

The flaw can allow unauthorized individuals to manipulate the SQL database, possibly leading to data theft, modification, or even database shutdown.

Recommendations

The vulnerability can be mitigated by validating user inputs, employing least privilege principles to restrict unauthorized access, and implementing web firewalls.
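
The input-validation recommendation above, shown as an added example; this is not the portal's code, which the advisory does not show. The form field names (category, subcategory), the table layout and the in-memory SQLite database are assumptions made so the sketch runs on its own (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Constructed stand-in schema (in-memory SQLite); the portal's real tables are not shown in the advisory.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec('CREATE TABLE subcategory (id INTEGER PRIMARY KEY, categoryid INTEGER, name TEXT)');
    $pdo->exec("INSERT INTO category (id, name) VALUES (1, 'Books'), (2, 'Phones')");
    return $pdo;
}

// Input validation: accept only a positive integer that names an existing category.
function parse_category_id(PDO $pdo, mixed $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                       // not an integer: reject before any SQL runs
    }
    $stmt = $pdo->prepare('SELECT 1 FROM category WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchColumn() === false ? null : $id;
}

// Hypothetical handler for the form posted to the subcategory page.
function add_subcategory(PDO $pdo, array $post): bool {
    $categoryId = parse_category_id($pdo, $post['category'] ?? null);
    $name = is_string($post['subcategory'] ?? null) ? trim($post['subcategory']) : '';
    if ($categoryId === null || $name === '' || strlen($name) > 255) {
        return false;
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $pdo->prepare('INSERT INTO subcategory (categoryid, name) VALUES (?, ?)');
    return $stmt->execute([$categoryId, $name]);
}

$pdo = demo_db();
$samples = [                               // constructed request bodies
    ['category' => '2', 'subcategory' => 'Chargers'],   // valid id
    ['category' => '2 OR 1=1', 'subcategory' => 'x'],   // non-integer value containing SQL syntax
    ['category' => '99', 'subcategory' => 'x'],         // integer, but no such category
    ['category' => ['2'], 'subcategory' => 'x'],        // array instead of scalar
];
foreach ($samples as $post) {
    printf("%-14s %s\n", json_encode($post['category']), add_subcategory($pdo, $post) ? 'stored' : 'rejected');
}
echo 'rows stored: ', $pdo->query('SELECT COUNT(*) FROM subcategory')->fetchColumn(), "\n";
```

Only the first sample is stored. For the least-privilege recommendation, the database account behind such a handler would hold only the rights these statements need on these tables.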

Threat Metrics

  • "cvss_score": 7.3
  • "severity": "MEDIUM"
  • "attack_vector": "NETWORK"
  • "attack_complexity": "LOW"