11 matches found
CVE-2025-5079
CVE-2025-5079 affects Campcodes Online Shopping Portal version 1.0. The vulnerability lies in the file /admin/updateorder.php where manipulation of the remark parameter can lead to a SQL injection. The attack can be performed remotely, and a published exploit exists. Impact details in connected d...
CVE-2025-5078
CVE-2025-5078 affects Campcodes Online Shopping Portal 1.0 (PHPGurukul/Campcodes). The /admin/subcategory.php script is vulnerable: manipulation of the Category argument enables SQL injection. Exploitation is remote and PoC/public exploit activity is noted. Remediation status is not provided in t...
CVE-2025-5077
CVE-2025-5077 affects Campcodes Online Shopping Portal 1.0. A SQL injection vulnerability exists in the /admin/edit-subcategory.php file via the Category parameter, exploitable remotely. Multiple sources classify the impact as high/critical with potential compromise of confidentiality, integrity,...
CVE-2025-5059
The CVE-2025-5059 entry concerns Campcodes Online Shopping Portal 1.0. The vulnerability resides in the admin/edit-subcategory.php handler, where manipulating the arguments productimage1, productimage2, or productimage3 enables unrestricted file uploads. Exploitation is possible remotely, and mul...
CVE-2025-5057
CVE-2025-5057 affects Campcodes Online Shopping Portal 1.0. The vulnerability is an SQL injection in the admin function, specifically in /admin/insert-product.php where manipulating the Category parameter can be exploited remotely. Multiple sources describe the issue as critical with potential im...
CVE-2025-5006
CVE-2025-5006 affects Campcodes Online Shopping Portal 1.0. The vulnerability resides in an input of the file /admin/category.php (Category parameter) and leads to SQL injection. It can be exploited remotely; exploitation details are disclosed in public sources. The Connected documents specify mu...
CVE-2025-5032
CVE-2025-5032 affects Campcodes Online Shopping Portal 1.0. The vulnerability is an SQL injection in an unknown function of /admin/edit-category.php triggered by manipulating the Category parameter. It can be exploited remotely and public disclosures exist. The connected documents do not specify ...
CVE-2025-4875
CVE-2025-4875 concerns Campcodes Online Shopping Portal 1.0 and a SQL injection in /forgot-password.php triggered by manipulating the email parameter. The issue is exploitable remotely and, per sources, exploitation has been publicized. Connected documents specify the vulnerability context and im...
CVE-2025-4929
The CVE describes a SQL injection vulnerability in Campcodes Online Shopping Portal 1.0, triggered by unauthenticated manipulation of the Name parameter in the file /my-account.php. This is caused by insufficient input validation/escaping, allowing an attacker to inject SQL commands and potential...
CVE-2025-5056
CVE-2025-5056 affects Campcodes Online Shopping Portal 1.0. The vulnerability lies in /admin/edit-products.php where manipulating the Category parameter enables SQL injection. It can be exploited remotely, and the exploit has been disclosed publicly. Multiple sources corroborate the issue’s criti...
CVE-2025-4930
CVE-2025-4930 affects Campcodes Online Shopping Portal 1.0, specifically the file /my-cart.php where manipulating the billingaddress argument leads to a SQL injection. The vulnerability is exploitable remotely and has public disclosure; multiple sources classify it as severe (critical to high/med...