PT-2025-47529 · Campcodes · Campcodes Retro Basketball Shoes Online Store

Laosiji · Published 2025-11-19 · Updated 2025-11-24 · CVE-2025-13410

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Campcodes Retro Basketball Shoes Online Store version 1.0

Description
A SQL injection issue exists in Campcodes Retro Basketball Shoes Online Store version 1.0. It is triggered by manipulating the tid parameter, which is handled by an unknown function in the /admin/receipt.php file. The attack can be carried out remotely, and the exploit is publicly available. The vulnerability impacts the admin interface, which is frequently targeted by credential stuffing attempts. This issue falls within the scope of PCI DSS due to the potential exposure of payment card data, Personally Identifiable Information (PII), and order history. Access to payment data could necessitate forensic investigation and card reissuance.

Recommendations
Update to a newer version that contains a fix for this vulnerability.
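
An added example, not part of the original advisory or the vendor's code: a log check that lists requests to /admin/receipt.php whose tid value is not a plain integer. It assumes that tid is normally numeric and sent in the query string, and that the web server writes combined-format access logs; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/admin/receipt.php"  # file named in the advisory
# Assumption: a legitimate tid is a plain integer; the advisory does not say so.
EXPECTED_TID = re.compile(r"\d{1,18}")
# Client IP, request target and status code from a combined-format log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def suspicious_tid_requests(lines):
    """Return (ip, status, decoded tid) for receipt.php requests with a non-integer tid."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if url.path.lower() != TARGET_PATH:
            continue
        # parse_qs percent-decodes values; keep_blank_values also surfaces "tid=".
        for tid in parse_qs(url.query, keep_blank_values=True).get("tid", []):
            if not EXPECTED_TID.fullmatch(tid):
                hits.append((m.group("ip"), int(m.group("status")), tid))
    return hits


# Constructed sample lines (documentation IP ranges), not from a real incident.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Nov/2025:10:01:02 +0000] "GET /admin/receipt.php?tid=1042 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Nov/2025:10:03:11 +0000] "GET /admin/receipt.php?tid=1042%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [20/Nov/2025:10:03:15 +0000] "GET /admin/receipt.php?tid=1042%20OR%201%3D1 HTTP/1.1" 200 48811',
    '198.51.100.7 - - [20/Nov/2025:10:05:40 +0000] "GET /admin/orders.php?tid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, tid in suspicious_tid_requests(SAMPLE_LOG):
        print(f"{ip} status={status} tid={tid!r}")
```

Access logs normally omit POST bodies, so a tid sent that way would need application-level or WAF logging to be reviewed the same way.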

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-13410

Affected Products

Campcodes Retro Basketball Shoes Online Store