SQL Injection Vulnerability in Campcodes Advanced Online Voting Management System
CVE-2025-11111
Key Information:
- Vendor
Campcodes
- Vendor
- CVE Published:
- 28 September 2025
Badges
What is CVE-2025-11111?
A significant SQL injection vulnerability has been discovered in the Campcodes Advanced Online Voting Management System version 1.0. This issue resides in the /admin/candidates_edit.php file, where improper handling of the ID parameter allows attackers to manipulate database queries. As a result, an attacker could execute arbitrary SQL commands remotely, leading to unauthorized access to sensitive data or manipulation of votes. This vulnerability has been made public, heightening the risk for current users. It is essential for users of this system to apply mitigation strategies and seek timely patches to safeguard against potential exploits.
Affected Version(s)
Advanced Online Voting Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved