SQL Injection Vulnerability in Campcodes Advanced Online Voting System
CVE-2025-7150

5.3MEDIUM

Key Information:

Vendor: Campcodes
Status: Advanced Online Voting System
Vendor: CVE Published:; 7 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7150?

A SQL injection vulnerability exists in Campcodes Advanced Online Voting System 1.0, specifically in the admin interface file /admin/voters_delete.php. This flaw allows remote attackers to manipulate the ID parameter in HTTP requests, potentially leading to unauthorized access to the database. The vulnerability has been publicly disclosed and poses a serious risk, as it can be exploited without authentication, enabling attackers to execute arbitrary SQL queries on the underlying database.

Affected Version(s)

Advanced Online Voting System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7150 - Proof of Concept