{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-10857","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-22T14:23:56.038Z","datePublished":"2025-09-23T08:32:11.548Z","dateUpdated":"2025-09-23T19:32:55.037Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-23T08:32:11.548Z"},"title":"Campcodes Point of Sale System POS login.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"Campcodes","product":"Point of Sale System POS","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Affected by this issue is some unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited."},{"lang":"de","value":"Eine Schwachstelle wurde in Campcodes Point of Sale System POS 1.0 gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /login.php. Durch Manipulieren des Arguments Username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff lässt sich über das Netzwerk starten. Der Exploit ist öffentlich verfügbar und könnte genutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-22T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-22T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-22T16:29:00.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"liule960117 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.325228","name":"VDB-325228 | Campcodes Point of Sale System POS login.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.325228","name":"VDB-325228 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.657940","name":"Submit #657940 | https://www.campcodes.com complete-point-of-sale-system-pos-using-php-mysql-source-code 1.0 SQL Injection","tags":["third-party-advisory"]},{"url":"https://www.yuque.com/yuqueyonghuexlgkz/zepczx/un2cmghguhg4aogn?singleDoc","tags":["exploit"]},{"url":"https://www.campcodes.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-23T19:32:21.368692Z","id":"CVE-2025-10857","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-23T19:32:55.037Z"}}]}}