CVE Details
Basic Information
| Title | Campcodes Employee Management System eprocess.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-01T14:32:05.909Z |
| Modified | 2025-07-01T15:13:40.570Z |
Product Information
| Vendor | Campcodes |
|---|---|
| Product | Employee Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A remote SQL injection vulnerability in the eprocess.php file of Campcodes Employee Management System version 1.0. This allows attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification. The vulnerability is considered critical due to the potential impact on data integrity and confidentiality. |
|---|---|
| AI Severity | Critical |
| AI Vendor | Campcodes |
| AI Product | Employee Management System |
| AI Version | 1.0 |
Affected Products
- Campcodes Employee Management System 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in Campcodes Employee Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /process/eprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.