PT-2025-47542 · Campcodes · Campcodes Supplier Management System
0X0A1Lphj
·
Published
2025-11-20
·
Updated
2025-11-21
·
CVE-2025-13424
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Campcodes Supplier Management System version 1.0
Description
A flaw exists in Campcodes Supplier Management System that allows for SQL injection. The issue is located in the file
/admin/add product.php and involves manipulating the txtProductName argument. Remote exploitation is possible. The exploit has been publicly disclosed.Recommendations
Apply any available updates or patches for Campcodes Supplier Management System version 1.0.
As a temporary workaround, sanitize the
txtProductName input to prevent SQL injection.
Restrict access to the /admin/add product.php file to authorized personnel only.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Campcodes Supplier Management System