SQL Injection Vulnerability in Campcodes Courier Management System
CVE-2025-8254

5.3MEDIUM

Key Information:

Vendor: Campcodes
Status: Courier Management System
Vendor: CVE Published:; 28 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8254?

A significant SQL injection vulnerability exists in the Campcodes Courier Management System version 1.0, particularly affecting the /view_parcel.php file. This flaw arises from improper handling of the ID argument, allowing attackers to execute arbitrary SQL queries. Given its remote exploitability, this vulnerability poses a serious risk, as malicious actors could gain unauthorized access to sensitive data or manipulate the database. Immediate patching and system audits are recommended to mitigate the threat.

Affected Version(s)

Courier Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8254 - Proof of Concept