CVE-2025-5081
Critical vulnerability in Campcodes Cybercafe Management System
Overview
A critical SQL injection vulnerability was found in Campcodes Cybercafe Management System 1.0. This vulnerability exists due to improper sanitization of user input in 'mobilenumber' in /adminprofile.php file.
Technical Details
The vulnerability stems from an unknown functionality of /adminprofile.php file in Campcodes Cybercafe Management System 1.0. The system fails to appropriately sanitize the 'mobilenumber' argument, leading to an SQL Injection vulnerability.
CVSS Metrics
- cvss_score: 7.3
- attack_vector: NETWORK
- attack_complexity: LOW
- privileges_required: NONE
- user_interaction: NONE
- scope: UNCHANGED
- confidentiality_impact: LOW
- integrity_impact: LOW
- availability_impact: LOW
Impact
An attacker can exploit this vulnerability remotely to manipulate SQL queries, enabling them to view, modify, or delete information within the database.
Recommendations
The recommend mitigation strategy would be to sanitize and validate all user inputs and define a list of trusted inputs. Always ensure applications are up-to-date with the latest patches and updates.
Threat Metrics
- cvss_score: 7.3
- severity: HIGH
- attack_vector: NETWORK
- attack_complexity: LOW