CVE-2025-1578

CWE-74 CWE-89 — SQL Injection CWE-4134 documents4 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 82.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Campcodes Online Shopping Portal Phpgurukul Online Shopping Portal

Timeline

PublishedFeb 23

Latest updateSep 16

Description

A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping Portal 2.1. This affects an unknown part of the file /search-result.php. The manipulation of the argument Product leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5campcodes/online_shopping_portal2.1

▶CVEListV5phpgurukul/online_shopping_portal2.1

▶NVDphpgurukul/online_shopping_portal2.1

🔴Vulnerability Details

CVEList

PHPGurukul/Campcodes Online Shopping Portal search-result.php sql injection↗2025-02-23

▶

GHSA

GHSA-wrf7-hwm2-8m4r: A vulnerability, which was classified as critical, was found in PHPGurukul Online Shopping Portal 2↗2025-02-23

▶

📋Vendor Advisories

Red Hat

kernel: net/mlx5: Fix lockdep assertion on sync reset unload event↗2025-09-16

▶