CVE-2025-5078

Опубликовано: 22 мая 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Performing manipulation of the argument Category results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Ссылки

https://github.com/GeniusWang23/CVE/issues/2
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.309958
Permissions Required
VDB Entry
https://vuldb.com/?id.309958
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.581432
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.641751
Third Party Advisory
VDB Entry
https://github.com/GeniusWang23/CVE/issues/2
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:campcodes:online_shopping_portal:1.0:*:*:*:*:*:*:*

cpe:2.3:a:phpgurukul:online_shopping_portal:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.0006

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

CWE-89

Связанные уязвимости

GHSA-3p82-g7cx-7qrf

CVSS3: 7.3

github

9 месяцев назад

A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/subcategory.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 19%

0.0006

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

CWE-89