CVE-2025-9744

Опубликовано: 31 авг. 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A weakness has been identified in Campcodes Online Loan Management System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

Ссылки

https://github.com/gggg6886/CVE/issues/1
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.322043
Permissions Required
VDB Entry
https://vuldb.com/?id.322043
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.640335
Third Party Advisory
VDB Entry
https://www.campcodes.com/
Product
https://github.com/gggg6886/CVE/issues/1
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:campcodes:online_loan_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.0074

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

CWE-89

EPSS

Процентиль: 72%

0.0074

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

CWE-89