CVE-2025-8924

HIGH

Campcodes Online Water Billing System - Injection

Title source: rule

Description

A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC

by encrypter15 · poc

https://github.com/encrypter15/CVE-2025-8924

View Code ZIP pw:eip

References (5)

[Exploit, Issue Tracking] https://github.com/jue22/cve/issues/1

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.319883

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.319883

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.631543

[Product] https://www.campcodes.com/

Scores

CVSS v3 7.3

EPSS 0.0004

EPSS Percentile 13.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

campcodes/online_water_billing_system 1.0

Published Aug 13, 2025

Tracked Since Feb 18, 2026