SQL Injection in Campcodes Complaint Management System Affects User Data Integrity
CVE-2025-7123

5.1MEDIUM

Key Information:

Vendor: Campcodes
Status: Complaint Management System
Vendor: CVE Published:; 7 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7123?

A vulnerability exists within the Campcodes Complaint Management System version 1.0 that allows an attacker to exploit improper input validation in the file /admin/complaint-details.php. Manipulating parameters such as cid or uid can lead to uncontrolled SQL queries, enabling unauthorized access to sensitive data. Given that the attack can be initiated remotely, this flaw poses a significant risk to users relying on this system for data management. It has been disclosed publicly, increasing the urgency for timely remediation.

Affected Version(s)

Complaint Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7123 - Proof of Concept