CVE-2025-13259 MEDIUM

CVE-2025-13259: Campcodes Supplier Management System edit_unit.php sql injection

Vendor Campcodes

Product Supplier Management System

Weakness CWE-89 · SQLi

Published November 17, 2025

Last update February 24, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /manufacturer/edit_unit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Key dates

02Disclosure timeline

November 17, 2025 CVE published

February 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-13259 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-2351 DayCloud StudentManage Login Endpoint adminScoreUrl sql injection CVE-2025-59129 WordPress Appointify plugin <= 1.0.8 - SQL Injection vulnerability CVE-2025-1167 Mayuri K Employee Management System Update_User.php sql injection CVE-2025-48912 Apache Superset: Improper authorization bypass on row level security via SQL Injection CVE-2025-28983 WordPress Click & Pledge Connect plugin <= 25.04010101-WP6.8 - Privilege Escalation via SQL Injection vulnerability