CVE-2025-5079

Опубликовано: 22 мая 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

Ссылки

https://github.com/dico-Z/CVE/issues/1
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.309959
Permissions Required
VDB Entry
https://vuldb.com/?id.309959
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.581439
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:campcodes:online_shopping_portal:1.0:*:*:*:*:*:*:*

cpe:2.3:a:phpgurukul:online_shopping_portal:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00065

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

CWE-89

Связанные уязвимости

GHSA-mpm7-f6gv-ghwx

CVSS3: 7.3

github

9 месяцев назад

A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 20%

0.00065

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

CWE-89