CVE-2025-9692 MEDIUM

CVE-2025-9692: Campcodes Online Shopping System product.php sql injection

Vendor Campcodes

Product Online Shopping System

Weakness CWE-89 · SQLi

Published August 30, 2025

Last update September 2, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

August 30, 2025 CVE published

September 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9692

Related vulnerabilities

04Related CVE

CVE-2025-4028 PHPGurukul COVID19 Testing Management System profile.php sql injection CVE-2024-47304 WordPress Fluent Support plugin <= 1.8.0 - SQL Injection vulnerability CVE-2023-3120 SourceCodester Service Provider Management System view_service.php sql injection CVE-2025-10481 SourceCodester Online Student File Management System remove_file.php sql injection CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete