A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
History

Tue, 02 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
References

Tue, 02 Sep 2025 13:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
Title Campcodes Online Shopping Portal updateorder.php sql injection PHPGurukul/Campcodes Online Shopping Portal updateorder.php sql injection
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Wed, 28 May 2025 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Campcodes
Campcodes online Shopping Portal
CPEs cpe:2.3:a:campcodes:online_shopping_portal:1.0:*:*:*:*:*:*:*
Vendors & Products Campcodes
Campcodes online Shopping Portal

Thu, 22 May 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 22 May 2025 14:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title Campcodes Online Shopping Portal updateorder.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-09-02T12:54:17.490Z

Reserved: 2025-05-22T05:36:57.809Z

Link: CVE-2025-5079

cve-icon Vulnrichment

Updated: 2025-05-22T14:47:56.498Z

cve-icon NVD

Status : Modified

Published: 2025-05-22T15:16:06.477

Modified: 2025-09-02T13:15:34.807

Link: CVE-2025-5079

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.