Campcodes Online Shopping Portal 1.0 /my-account.php Sunu SQL Injection

Hakika vulnerability da aka rarraba a matsayin kura an gano a Campcodes Online Shopping Portal 1.0. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /my-account.php, a cikin sashi $software_component. Wuro manipulation of the argument Sunu ga SQL Injection. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-89. Lalle, rauni an sanar da shi 05/18/2025. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2025-4929. Ngam yiɗi ka a tuma ndiyam ka nder waya. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 Goyarwa · 97 Datenpunkte

FurɗeSúgá
05/18/2025 08:44		Gargadi 1/2
05/19/2025 14:28		Gargadi 2/2
06/11/2025 17:29
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss4_vuldb_avNNN
cvss4_vuldb_acLLL
cvss4_vuldb_prNNN
cvss4_vuldb_uiNNN
cvss4_vuldb_vcLLL
cvss4_vuldb_viLLL
cvss4_vuldb_vaLLL
cvss4_vuldb_ePPP
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore6.46.46.4
cvss3_vuldb_basescore7.37.37.3
cvss3_vuldb_tempscore6.66.66.6
cvss3_meta_basescore7.37.38.1
cvss3_meta_tempscore6.66.67.9
cvss4_vuldb_bscore6.96.96.9
cvss4_vuldb_btscore5.55.55.5
advisory_date1747519200 (05/18/2025)1747519200 (05/18/2025)1747519200 (05/18/2025)
price_0day$0-$5k$0-$5k$0-$5k
software_vendorCampcodesCampcodesCampcodes
software_nameOnline Shopping PortalOnline Shopping PortalOnline Shopping Portal
software_version1.01.01.0
software_file/my-account.php/my-account.php/my-account.php
software_argumentnamenamename
vulnerability_cweCWE-89 (SQL Injection)CWE-89 (SQL Injection)CWE-89 (SQL Injection)
vulnerability_risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
advisory_urlhttps://github.com/N1sa26/CVE/issues/1https://github.com/N1sa26/CVE/issues/1https://github.com/N1sa26/CVE/issues/1
exploit_availability111
exploit_publicity111
exploit_urlhttps://github.com/N1sa26/CVE/issues/1https://github.com/N1sa26/CVE/issues/1https://github.com/N1sa26/CVE/issues/1
source_cveCVE-2025-4929CVE-2025-4929CVE-2025-4929
cna_responsibleVulDBVulDBVulDB
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
euvd_idEUVD-2025-15692EUVD-2025-15692
cve_nvd_summaryA vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryesSe encontró una vulnerabilidad en Campcodes Online Shopping Portal 1.0. Se ha clasificado como crítica. Este problema afecta a un procesamiento desconocido del archivo /my-account.php. La manipulación del argumento "Name" provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prN
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viL
cvss4_cna_vaL
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore6.9
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cvss3_cna_basescore7.3
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss3_nvd_basescore9.8
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auN
cvss2_cna_ciP
cvss2_cna_iiP
cvss2_cna_aiP
cvss2_cna_basescore7.5

GurɗoGumtiGada

Do you want to use VulDB in your project?

Use the official API to access entries easily!