CVE-2025-10804
📋 TL;DR
This SQL injection vulnerability in Campcodes Online Beauty Parlor Management System 1.0 allows attackers to manipulate database queries through the mobilenum parameter in the /admin/add-customer.php file. Attackers can potentially read, modify, or delete data in the database. Organizations using this specific software version are affected.
💻 Affected Systems
- Campcodes Online Beauty Parlor Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, or deletion of all customer and business data, potentially leading to business disruption and regulatory violations.
Likely Case
Unauthorized access to sensitive customer information (names, contact details, appointments) and potential manipulation of business records.
If Mitigated
Limited data exposure if proper input validation and database permissions are implemented, with minimal business impact.
🎯 Exploit Status
Exploit details are publicly available on GitHub. Attack requires access to the admin interface but SQL injection is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://www.campcodes.com/
Restart Required: No
Instructions:
1. Check the vendor website for updates.
2. If no patch is available, implement input validation and parameterized queries in /admin/add-customer.php.
3. Sanitize all user inputs, especially the mobilenum parameter.
🔧 Temporary Workarounds
Input Validation and Sanitization
Add server-side validation to ensure the mobilenum parameter contains only numeric characters and is of proper length.
Implement PHP validation: if(!preg_match('/^[0-9]{10,15}$/', $_POST['mobilenum'])) { die('Invalid mobile number'); }
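The following is an added example, not code from Campcodes or from this advisory, showing how the fix instructions above (validate mobilenum, then use a parameterized query) fit together in a handler for /admin/add-customer.php. The table name tblcustomer, its columns, the name field, and the database credentials are assumptions for illustration only.

```php
<?php
// Added example (not the project's own code): hardened handling of the
// mobilenum parameter for /admin/add-customer.php. Table/column names and
// credentials below are assumptions, not taken from the affected software.
declare(strict_types=1);

// Step 1: strict allow-list validation. Accept only 10-15 digits; anything
// else (quotes, spaces, SQL keywords, a missing field) is rejected.
function validate_mobilenum(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    return preg_match('/^[0-9]{10,15}$/', $raw) === 1 ? $raw : null;
}

// Step 2: a prepared statement. The vulnerable pattern this replaces is string
// concatenation such as "INSERT ... VALUES ('$name', '$mobilenum')", where the
// input becomes part of the SQL text. With bind_param the values travel
// separately from the query and can never change its structure.
function add_customer(mysqli $db, string $name, string $mobilenum): int
{
    $stmt = $db->prepare('INSERT INTO tblcustomer (Name, MobileNumber) VALUES (?, ?)');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ss', $name, $mobilenum);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    return (int) $stmt->insert_id;
}

// Request handling: validate before touching the database.
$mobilenum = validate_mobilenum($_POST['mobilenum'] ?? null);
$name = trim((string) ($_POST['name'] ?? ''));
if ($mobilenum === null || $name === '') {
    http_response_code(400);
    exit('Invalid input');
}

// Assumed connection details; use a least-privilege database account.
$db = new mysqli('localhost', 'bpms_app', 'CHANGE_ME', 'bpmsdb');
if ($db->connect_error) {
    http_response_code(500);
    exit('Database unavailable');
}
$db->set_charset('utf8mb4');

$id = add_customer($db, $name, $mobilenum);
echo 'Customer added with id ' . $id;
```

The validation alone would already reject the payload quoted under "How to Verify", but the prepared statement is the control that holds even if a future field is validated less strictly.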
Web Application Firewall Rules
Deploy WAF rules to block SQL injection patterns targeting the /admin/add-customer.php endpoint.
Add WAF rule: Block requests to /admin/add-customer.php containing SQL keywords like UNION, SELECT, INSERT, DELETE in mobilenum parameter
🧯 If You Can't Patch
- Restrict access to /admin/ directory to trusted IP addresses only
- Implement database user with minimal permissions (read-only for customer data operations)
🔍 How to Verify
Check if Vulnerable:
Test the /admin/add-customer.php endpoint with SQL injection payloads in the mobilenum parameter (e.g., mobilenum=1' OR '1'='1).
Check Version:
Check the software version in the admin panel or review the source code for version indicators.
Verify Fix Applied:
Attempt the same SQL injection tests after implementing fixes; successful queries should be blocked or sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple failed login attempts followed by /admin/add-customer.php access
- SQL keywords in POST parameters to add-customer.php
Network Indicators:
- POST requests to /admin/add-customer.php containing SQL injection patterns
- Unusual database query patterns from the application server
SIEM Query:
source="web_logs" AND uri="/admin/add-customer.php" AND (request_body CONTAINS "UNION" OR request_body CONTAINS "SELECT" OR request_body CONTAINS "INSERT")