CVE Alert: CVE-2025-9761 – Campcodes – Online Feeds Product Inventory System
CVE-2025-9761
Severity: HIGH. Exploitation status: no exploitation known.
A security vulnerability has been identified in Campcodes Online Feeds Product Inventory System 1.0. It affects an unknown part of the file /feeds/index.php in the Login component. Manipulation of the Username argument leads to SQL injection. The attack can be launched remotely; the exploit has been disclosed publicly and may be used.
Details
- Vendor: Campcodes
- Product: Online Feeds Product Inventory System
- Versions: 1.0
- CWE: CWE-89, SQL Injection
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
- Published: 2025-09-01T04:32:07.141Z
- Updated: 2025-09-01T04:32:07.141Z
References
AI Summary Analysis
Risk verdict
High risk: remote SQL injection on the login component with public disclosure; watch for active exploitation or mass probing.
Why this matters
The vulnerability permits unauthenticated access to the underlying database through the login flow, risking data exposure, modification of inventory records, and potential further compromise of connected systems. With public exploitation guidance available, opportunistic attackers may scan internet-facing instances and automate attempts to exfiltrate or corrupt data.
Most likely attack path
An attacker targets the /feeds/index.php login endpoint, supplying crafted Username input to induce SQL injection. No user interaction or credentials are required, and exploitation can disclose or alter data at the database level. If query results or database errors leak back to the client, attackers may extend this to broader data access while staying within the database context of the compromised application.
Who is most exposed
Any organisation running Campcodes’ Online Feeds Product Inventory System v1.0 with a publicly reachable login page is at risk, especially small- to medium-sized deployments on internet-exposed servers or low-segmentation environments.
Detection ideas
- Alerts for SQL error messages or anomalous responses from the login endpoint.
- Logs showing injection-like payloads or unusual Unicode/escape patterns in Username.
- Sudden spikes in login attempts from diverse IPs or unusual query results in DB logs.
- IDS/IPS signatures or WAF alerts targeting SQLi payloads on /feeds/index.php.
- Unusual data access or modification events in the inventory database.
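The detection ideas above can be turned into a first-pass log scan. The following PHP script is an added example, not code from the original alert or from the Campcodes project; it assumes an application-level login log with one event per line in a constructed format (`<ISO timestamp> ip=<addr> user="<username>" result=<ok|fail> status=<http code>`), since web-server access logs normally do not record a POSTed Username field. It flags usernames that match common injection indicators, treats a 5xx response from the login endpoint as a possible surfaced SQL error, and counts failed logins per source IP to cover the "sudden spike" idea.

```php
<?php
// Added example (not part of the original alert or the Campcodes project):
// a small scanner that applies the "Detection ideas" to application login logs.
// Log format is an assumption, one event per line:
//   <ISO timestamp> ip=<addr> user="<username>" result=<ok|fail> status=<http code>
declare(strict_types=1);

/** Indicators that rarely appear in a legitimate username. */
const USERNAME_INDICATORS = [
    '/[\'"]/'                           => 'quote character',
    '/%27|%22/i'                        => 'URL-encoded quote',
    '/--|\/\*|;/'                       => 'SQL comment or statement separator',
    '/\b(or|and)\b\s*[\'"]?\s*\d/i'     => 'boolean tautology',
    '/\bunion\b[\s\S]*\bselect\b/i'     => 'UNION SELECT',
    '/\b(sleep|benchmark|waitfor)\b/i'  => 'time-based function',
];

/** Parse one log line into fields, or return null if it does not match the format. */
function parseLoginEvent(string $line): ?array
{
    if (!preg_match('/^(\S+) ip=(\S+) user="(.*)" result=(ok|fail) status=(\d{3})$/', $line, $m)) {
        return null;
    }
    return ['ts' => $m[1], 'ip' => $m[2], 'user' => $m[3], 'result' => $m[4], 'status' => (int) $m[5]];
}

/** Return the labels of all indicators matched by a username (empty if clean). */
function usernameIndicators(string $user): array
{
    $hits = [];
    foreach (USERNAME_INDICATORS as $pattern => $label) {
        if (preg_match($pattern, $user) === 1) {
            $hits[] = $label;
        }
    }
    return $hits;
}

/**
 * Scan a whole log. Returns:
 *   'flagged' => events whose username matched an indicator, or whose
 *                response was 5xx (possible SQL error surfacing);
 *   'spikes'  => IPs with at least $failThreshold failed logins.
 */
function scanLoginLog(string $log, int $failThreshold = 3): array
{
    $flagged = [];
    $failures = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $ev = parseLoginEvent($line);
        if ($ev === null) {
            continue; // not in the expected format; skip rather than guess
        }
        $reasons = usernameIndicators($ev['user']);
        if ($ev['status'] >= 500) {
            $reasons[] = 'server error on login (possible SQL error)';
        }
        if ($reasons !== []) {
            $flagged[] = ['ts' => $ev['ts'], 'ip' => $ev['ip'], 'user' => $ev['user'], 'reasons' => $reasons];
        }
        if ($ev['result'] === 'fail') {
            $failures[$ev['ip']] = ($failures[$ev['ip']] ?? 0) + 1;
        }
    }
    $spikes = array_filter($failures, fn(int $n): bool => $n >= $failThreshold);
    return ['flagged' => $flagged, 'spikes' => $spikes];
}

// Constructed sample lines (not real traffic); the odd usernames are textbook
// shapes chosen only to exercise each indicator.
$sampleLog = <<<'LOG'
2025-09-01T04:40:01Z ip=198.51.100.7 user="alice" result=ok status=302
2025-09-01T04:40:05Z ip=203.0.113.9 user="admin' OR '1'='1" result=fail status=200
2025-09-01T04:40:06Z ip=203.0.113.9 user="admin'--" result=fail status=500
2025-09-01T04:40:07Z ip=203.0.113.9 user="bob%27" result=fail status=200
2025-09-01T04:41:00Z ip=192.0.2.4 user="carol" result=ok status=302
LOG;

print_r(scanLoginLog($sampleLog));
```

On the constructed sample, the three events from 203.0.113.9 are flagged (the second also for its 500 response) and that address is reported as a spike at the default threshold of three failures. The indicator list is deliberately narrow; tune it against your own legitimate username policy before alerting on it, and pair it with the WAF and database-log checks listed above rather than relying on it alone.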
Mitigation and prioritisation
- Apply vendor patch or updated build addressing the SQL injection (prerequisite: confirm availability).
- If no patch yet, implement input validation and parameterised queries; enforce least privilege for the app DB account.
- Enable WAF rules specifically for SQLi on the login endpoint; restrict exposure of the login interface where feasible.
- Segment the network and remove broad internet exposure of the login page until the issue is mitigated.
- Monitor: enable enhanced logging for login traffic and schedule a targeted remediation window.
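The interim mitigation of input validation plus parameterised queries looks like the following in PHP. This is an added example, not the Campcodes code and not a patch for /feeds/index.php: the table and column names (`users`, `username`, `password_hash`) and the use of a stored password hash are assumptions, since the page says nothing about the application's schema. It uses an in-memory SQLite database through PDO (requires the `pdo_sqlite` extension) so it runs offline and shows that injection-shaped usernames are simply compared as data and fail to authenticate.

```php
<?php
// Added example, not code from the Campcodes project or the original alert.
// Contrasts the concatenated-query shape behind CWE-89 with a parameterised
// login query. Schema (users/username/password_hash) is an assumption.
declare(strict_types=1);

// --- Vulnerable shape, kept only for contrast; never run untrusted input this way ---
// $sql = "SELECT id FROM users WHERE username = '" . $_POST['username'] . "'";
// Quote and comment characters in the username become part of the SQL text.

/** Open a throwaway in-memory SQLite database seeded with one account. */
function buildDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password_hash TEXT NOT NULL
    )');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $ins->execute([
        ':u' => 'admin',
        ':h' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
    ]);
    return $db;
}

/**
 * Hardened login. The username is bound as a parameter, so any quotes or
 * comment sequences it contains are compared against the column value and
 * can never alter the statement. Returns the user id on success, null on
 * failure (the same result for "no such user" and "wrong password").
 */
function authenticate(PDO $db, string $username, string $password): ?int
{
    // Input validation in front of the query: reject what a username should
    // never contain before it reaches the database at all.
    if ($username === '' || strlen($username) > 64 || !preg_match('/^[A-Za-z0-9._-]+$/', $username)) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    return password_verify($password, $row['password_hash']) ? (int) $row['id'] : null;
}

$db = buildDemoDb();
var_dump(authenticate($db, 'admin', 'correct horse battery staple'));
var_dump(authenticate($db, "admin' OR '1'='1", 'anything'));
var_dump(authenticate($db, "admin'--", ''));
```

The first call returns the seeded user's id; the two injection-shaped usernames return null, first because they fail the character whitelist and, even if that check were removed, because the bound parameter is matched literally against the `username` column. When the real application talks to MySQL through `pdo_mysql`, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so binding is done by the server rather than by client-side string escaping, and run the application with a database account that has only the privileges the inventory pages need, as the least-privilege point above recommends.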