CVE Details
Basic Information
| Title | Campcodes Employee Management System aprocess.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-01T14:02:08.490Z |
| Modified | 2025-07-01T14:37:11.378Z |
Product Information
| Vendor | Campcodes |
|---|---|
| Product | Employee Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A SQL injection vulnerability exists in Campcodes Employee Management System 1.0 due to improper input sanitization in the mailuid argument of aprocess.php. This allows remote attackers to inject malicious SQL code, potentially leading to data theft or system compromise. The vulnerability is considered critical and has a publicly disclosed exploit. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Campcodes |
| AI Product | Employee Management System |
| AI Version | 1.0 |
Affected Products
- Campcodes Employee Management System 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.