{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-12338","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-10-27T12:41:39.706Z","datePublished":"2025-10-28T00:32:06.361Z","dateUpdated":"2026-02-24T07:13:46.854Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-24T07:13:46.854Z"},"title":"Campcodes Retro Basketball Shoes Online Store admin_product.ph sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"Campcodes","product":"Retro Basketball Shoes Online Store","versions":[{"version":"1.0","status":"affected"}],"cpes":["cpe:2.3:a:campcodes:retro_basketball_shoes_online_store:*:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file /admin/admin_product.ph. Executing a manipulation of the argument pid can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-10-27T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-10-27T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-10-30T00:17:38.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Hanyu  Luo (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.330125","name":"VDB-330125 | Campcodes Retro Basketball Shoes Online Store admin_product.ph sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.330125","name":"VDB-330125 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.674492","name":"Submit #674492 | Campcodes Retro Basketball Shoes Online Store V1.0 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/HYLCXH/CVE/issues/16","tags":["exploit","issue-tracking"]},{"url":"https://www.campcodes.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-28T14:23:03.789513Z","id":"CVE-2025-12338","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-28T14:23:27.048Z"}}]}}