A vulnerability was found in Campcodes Complaint Management System 1.0. It has been classified as critical. This affects an unknown part of the file /users/complaint-details.php. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7121 is a SQL Injection vulnerability identified in version 1.0 of the Campcodes Complaint Management System, specifically within the /users/complaint-details.php file. The vulnerability arises from improper sanitization or validation of the 'cid' parameter, which is used to query the database. An attacker can manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access to or manipulation of the underlying database. The vulnerability is remotely exploitable without requiring user interaction or authentication, which increases its risk profile. Despite being classified as critical in the description, the official CVSS 4.0 score is 5.3 (medium severity), reflecting factors such as limited impact on confidentiality, integrity, and availability, and the requirement for low privileges (PR:L). The attack vector is network-based (AV:N), and no user interaction is needed (UI:N). The vulnerability has been publicly disclosed, but there are no known exploits in the wild at this time. The lack of available patches or mitigation links suggests that users of this system must take proactive steps to secure their installations. SQL Injection vulnerabilities can lead to unauthorized data access, data modification, or even full system compromise depending on the database privileges and system architecture. Given the nature of complaint management systems, sensitive personal or organizational data could be at risk if exploited.

CVE Database V5

Detailed information about CVE-2025-7121: SQL Injection in Campcodes Complaint Management System affecting Campcodes Complaint Management System. Get real-time 

CVE-2025-7121: SQL Injection in Campcodes Complaint Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7121: SQL Injection in Campcodes Complaint Management System

A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /users/check_availability.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7120 is a critical SQL Injection vulnerability identified in version 1.0 of the Campcodes Complaint Management System. The vulnerability resides in the /users/check_availability.php file, specifically in the handling of the 'email' parameter. An attacker can manipulate this parameter to inject malicious SQL code, which the system executes without proper sanitization or parameterization. This flaw allows remote attackers to execute arbitrary SQL commands on the backend database without requiring authentication or user interaction. The vulnerability could enable attackers to extract sensitive data, modify or delete records, or potentially escalate privileges within the application or underlying database. Although the CVSS 4.0 base score is 6.9 (medium severity), the lack of authentication and user interaction requirements, combined with the direct impact on data confidentiality, integrity, and availability, make this a significant risk. The vulnerability affects only version 1.0 of the product, and no official patches or fixes have been published yet. No known exploits are currently reported in the wild, but public disclosure increases the risk of exploitation attempts.

Detailed information about CVE-2025-7120: SQL Injection in Campcodes Complaint Management System affecting Campcodes Complaint Management System. Get real-time 

CVE-2025-7120: SQL Injection in Campcodes Complaint Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7120: SQL Injection in Campcodes Complaint Management System

Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats

Source: https://hackread.com/android-malware-adware-trojan-crypto-theft-q2-threats/

The reported threat concerns a surge in Android malware during Q2, characterized primarily by the proliferation of adware, trojans, and crypto theft malware. This surge indicates an increased volume and diversity of malicious software targeting Android devices, exploiting the platform's widespread use and sometimes less restrictive app distribution channels. Adware variants typically focus on intrusive advertising and unauthorized data collection, degrading user experience and potentially exposing sensitive information. Trojans represent a more severe threat, often masquerading as legitimate applications to gain unauthorized access to device resources, steal credentials, or install additional payloads. Crypto theft malware specifically targets cryptocurrency wallets and transactions, aiming to exfiltrate private keys or manipulate transactions to divert funds. The technical details are limited, with no specific affected Android versions or known exploits in the wild documented, and minimal discussion on the Reddit source. However, the threat is considered medium severity due to the combination of malware types and their potential impact on user privacy and financial assets. The lack of patch links or detailed technical indicators suggests this is a broad trend report rather than a single exploit or vulnerability. The source is a news article linked from a Reddit InfoSec community, indicating the information is recent and newsworthy but not deeply technical or confirmed by multiple threat intelligence feeds.

Reddit InfoSec News

Detailed information about Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats. Get real-time updates, technical details, and mitigatio

Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats - Live Threat Intelligence - Threat Radar | OffSeq.com

Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats

Reddit Discussion: Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats

A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7119 is a critical SQL Injection vulnerability identified in version 1.0 of the Campcodes Complaint Management System, specifically within an unspecified functionality of the /users/index.php file. The vulnerability arises from improper sanitization or validation of the 'Username' parameter, which can be manipulated by an attacker to inject malicious SQL code. This injection flaw allows remote attackers to execute arbitrary SQL commands on the backend database without requiring authentication or user interaction. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known active exploits have been reported in the wild yet. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the ease of remote exploitation without privileges or user interaction, but with limited impact on confidentiality, integrity, and availability (each rated low). The attack vector is network-based, requiring no authentication or user interaction, and the scope is unchanged, meaning the vulnerability affects only the vulnerable component. The lack of a patch or mitigation details in the disclosure suggests that organizations using this system remain exposed until a fix is released or workarounds are implemented.

Detailed information about CVE-2025-7119: SQL Injection in Campcodes Complaint Management System affecting Campcodes Complaint Management System. Get real-time 

CVE-2025-7119: SQL Injection in Campcodes Complaint Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7119: SQL Injection in Campcodes Complaint Management System

A vulnerability was found in Campcodes Complaint Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7122: SQL Injection in Campcodes Complaint Management System affecting Campcodes Complaint Management System. Get real-time 

CVE-2025-7122: SQL Injection in Campcodes Complaint Management System

CVE-2025-7122: SQL Injection in Campcodes Complaint Management System

Description

Technical Details

Related Threats

CVE-2025-7121: SQL Injection in Campcodes Complaint Management System

CVE-2025-7120: SQL Injection in Campcodes Complaint Management System

CVE-2025-7119: SQL Injection in Campcodes Complaint Management System

CVE-2025-7118: Buffer Overflow in UTT HiPER 840G

CVE-2025-7117: Buffer Overflow in UTT HiPER 840G

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility