CVE-2025-13259
MEDIUMCampcodes Supplier Management System - Injection
Title source: ruleDescription
A flaw has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /manufacturer/edit_unit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
References (6)
Scores
CVSS v3
6.3
EPSS
0.0005
EPSS Percentile
16.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Classification
CWE
CWE-74
CWE-89
Status
published
Affected Products (1)
campcodes/supplier_management_system
Timeline
Published
Nov 17, 2025
Tracked Since
Feb 18, 2026