CVE-2025-6962 MEDIUM

CVE-2025-6962: Campcodes Employee Management System myprofileup.php sql injection

Vendor Campcodes
Product Employee Management System
Weakness CWE-89 · SQLi
Published July 1, 2025
Last update July 1, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability, which was classified as critical, was found in Campcodes Employee Management System 1.0. This affects an unknown part of the file /myprofileup.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

July 1, 2025 CVE published
July 1, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-41803 Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Filter CVE-2024-13476 LTL Freight Quotes – GlobalTranz Edition <= 2.3.11 - Unauthenticated SQL Injection CVE-2025-14877 Campcodes Supplier Management System add_retailer.php sql injection CVE-2026-2821 Fujian Smart Integrated Management Platform System XCamera.ashx sql injection CVE-2025-9839 itsourcecode Student Information Management System index.php sql injection