CVE-2025-10444 MEDIUM

CVE-2025-10444: Campcodes Online Job Finder System advancesearch.php sql injection

Vendor Campcodes

Product Online Job Finder System

Weakness CWE-89 · SQLi

Published September 15, 2025

Last update September 15, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /advancesearch.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

Key dates

02Disclosure timeline

September 15, 2025 CVE published

September 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10444

Related vulnerabilities

04Related CVE

CVE-2025-2854 code-projects Payroll Management System update_employee.php sql injection CVE-2024-3039 Shanghai Brad Technology BladeX API export-user sql injection CVE-2025-13273 Campcodes School Fees Payment Management System ajax.php sql injection CVE-2025-6470 code-projects Online Bidding System bidlog.php sql injection CVE-2024-43132 WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated SQL Injection vulnerability