A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /users/check_availability.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7120 is a critical SQL Injection vulnerability identified in version 1.0 of the Campcodes Complaint Management System. The vulnerability resides in the /users/check_availability.php file, specifically in the handling of the 'email' parameter. An attacker can manipulate this parameter to inject malicious SQL code, which the system executes without proper sanitization or parameterization. This flaw allows remote attackers to execute arbitrary SQL commands on the backend database without requiring authentication or user interaction. The vulnerability could enable attackers to extract sensitive data, modify or delete records, or potentially escalate privileges within the application or underlying database. Although the CVSS 4.0 base score is 6.9 (medium severity), the lack of authentication and user interaction requirements, combined with the direct impact on data confidentiality, integrity, and availability, make this a significant risk. The vulnerability affects only version 1.0 of the product, and no official patches or fixes have been published yet. No known exploits are currently reported in the wild, but public disclosure increases the risk of exploitation attempts.

CVE Database V5

Detailed information about CVE-2025-7120: SQL Injection in Campcodes Complaint Management System affecting Campcodes Complaint Management System. Get real-time 

CVE-2025-7120: SQL Injection in Campcodes Complaint Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7120: SQL Injection in Campcodes Complaint Management System

Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats

Source: https://hackread.com/android-malware-adware-trojan-crypto-theft-q2-threats/

The reported threat concerns a surge in Android malware during Q2, characterized primarily by the proliferation of adware, trojans, and crypto theft malware. This surge indicates an increased volume and diversity of malicious software targeting Android devices, exploiting the platform's widespread use and sometimes less restrictive app distribution channels. Adware variants typically focus on intrusive advertising and unauthorized data collection, degrading user experience and potentially exposing sensitive information. Trojans represent a more severe threat, often masquerading as legitimate applications to gain unauthorized access to device resources, steal credentials, or install additional payloads. Crypto theft malware specifically targets cryptocurrency wallets and transactions, aiming to exfiltrate private keys or manipulate transactions to divert funds. The technical details are limited, with no specific affected Android versions or known exploits in the wild documented, and minimal discussion on the Reddit source. However, the threat is considered medium severity due to the combination of malware types and their potential impact on user privacy and financial assets. The lack of patch links or detailed technical indicators suggests this is a broad trend report rather than a single exploit or vulnerability. The source is a news article linked from a Reddit InfoSec community, indicating the information is recent and newsworthy but not deeply technical or confirmed by multiple threat intelligence feeds.

Reddit InfoSec News

Detailed information about Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats. Get real-time updates, technical details, and mitigatio

Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats - Live Threat Intelligence - Threat Radar | OffSeq.com

Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats

Reddit Discussion: Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats

A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7119 is a critical SQL Injection vulnerability identified in version 1.0 of the Campcodes Complaint Management System, specifically within an unspecified functionality of the /users/index.php file. The vulnerability arises from improper sanitization or validation of the 'Username' parameter, which can be manipulated by an attacker to inject malicious SQL code. This injection flaw allows remote attackers to execute arbitrary SQL commands on the backend database without requiring authentication or user interaction. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known active exploits have been reported in the wild yet. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the ease of remote exploitation without privileges or user interaction, but with limited impact on confidentiality, integrity, and availability (each rated low). The attack vector is network-based, requiring no authentication or user interaction, and the scope is unchanged, meaning the vulnerability affects only the vulnerable component. The lack of a patch or mitigation details in the disclosure suggests that organizations using this system remain exposed until a fix is released or workarounds are implemented.

Detailed information about CVE-2025-7119: SQL Injection in Campcodes Complaint Management System affecting Campcodes Complaint Management System. Get real-time 

CVE-2025-7119: SQL Injection in Campcodes Complaint Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7119: SQL Injection in Campcodes Complaint Management System

A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7118 is a critical buffer overflow vulnerability identified in the UTT HiPER 840G device, specifically affecting versions up to 3.1.1-190328. The vulnerability arises from improper handling of the 'importpictureurl' argument within the /goform/formPictureUrl endpoint. An attacker can remotely send a specially crafted request manipulating this argument to trigger a buffer overflow condition. This type of vulnerability can lead to arbitrary code execution, denial of service, or system compromise without requiring user interaction or authentication. The CVSS 4.0 score of 8.7 reflects a high severity, with attack vector being network-based (AV:N), low attack complexity (AC:L), no privileges required (PR:L), and no user interaction needed (UI:N). The impact on confidentiality, integrity, and availability is high, indicating potential full system compromise. The vendor has been contacted but has not responded or provided a patch, and while no exploits are currently known to be in the wild, the public disclosure of the exploit increases the risk of exploitation. The vulnerability affects a specific processing routine related to image URL import functionality, which suggests that the device’s web interface or API is vulnerable to remote exploitation. The lack of vendor response and patch availability increases the urgency for affected organizations to implement mitigations.

Detailed information about CVE-2025-7118: Buffer Overflow in UTT HiPER 840G affecting UTT HiPER 840G. Get real-time updates, technical details, and mitigation s

CVE-2025-7118: Buffer Overflow in UTT HiPER 840G - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7118: Buffer Overflow in UTT HiPER 840G

A vulnerability was found in Campcodes Complaint Management System 1.0. It has been classified as critical. This affects an unknown part of the file /users/complaint-details.php. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7121: SQL Injection in Campcodes Complaint Management System affecting Campcodes Complaint Management System. Get real-time 

CVE-2025-7121: SQL Injection in Campcodes Complaint Management System

CVE-2025-7121: SQL Injection in Campcodes Complaint Management System

Description

Technical Details

Related Threats

CVE-2025-7120: SQL Injection in Campcodes Complaint Management System

CVE-2025-7119: SQL Injection in Campcodes Complaint Management System

CVE-2025-7118: Buffer Overflow in UTT HiPER 840G

CVE-2025-7117: Buffer Overflow in UTT HiPER 840G

CVE-2025-7116: Buffer Overflow in UTT 进取 750W

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility