CVE-2025-5078

CWE-74 CWE-89 — SQL Injection3 documents3 sources

Severity

6.9MEDIUM

EPSS

0.2%

top 57.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Campcodes Online Shopping Portal Phpgurukul Online Shopping Portal

Timeline

PublishedMay 22

Description

A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Performing manipulation of the argument Category results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5campcodes/online_shopping_portal1.0

▶NVDcampcodes/online_shopping_portal1.0

▶CVEListV5phpgurukul/online_shopping_portal1.0

▶NVDphpgurukul/online_shopping_portal1.0

🔴Vulnerability Details

CVEList

PHPGurukul/Campcodes Online Shopping Portal subcategory.php sql injection↗2025-05-22

▶

GHSA

GHSA-3p82-g7cx-7qrf: A vulnerability was found in Campcodes Online Shopping Portal 1↗2025-05-22

▶