CVE Details
Basic Information
| Title | Campcodes Employee Management System edit.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-01T14:32:07.870Z |
| Modified | 2025-07-01T14:54:16.563Z |
Product Information
| Vendor | Campcodes |
|---|---|
| Product | Employee Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A critical SQL injection vulnerability in Campcodes Employee Management System 1.0 allows remote attackers to inject arbitrary SQL commands via the ID argument in edit.php. This could lead to unauthorized database access and data manipulation. The exploit is publicly available, increasing the risk of exploitation. |
|---|---|
| AI Severity | High |
| AI Vendor | Campcodes |
| AI Product | Employee Management System |
| AI Version | 1.0 |
Affected Products
- Campcodes Employee Management System 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in Campcodes Employee Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.