CVE-2025-13260

CVSS v3.1

8.8

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Campcodes Supplier Management System version 1.0

Description A flaw exists in Campcodes Supplier Management System version 1.0 that allows for SQL injection. This issue affects an unknown function within the

/manufacturer/edit product.php

file. Manipulation of the

cmbProductUnit

argument can lead to a successful attack, which can be launched remotely. The exploit for this issue has been publicly disclosed.

Recommendations Campcodes Supplier Management System version 1.0: As a temporary workaround, consider restricting access to the

/manufacturer/edit product.php

file to minimize the risk of exploitation. Avoid using the

cmbProductUnit

parameter in the affected file until the issue is resolved.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-13260

Affected Products

Campcodes Supplier Management System

CVE-2025-13260

Weakness Enumeration

Related Identifiers

Affected Products

References · 10