CVE-2025-11599

7.3 HIGH

📋 TL;DR

CVE-2025-11599 is a SQL injection vulnerability in Campcodes Online Apartment Visitor Management System 1.0 that allows remote attackers to execute arbitrary SQL commands via the email parameter in /forgot-password.php. This affects all users running the vulnerable version of this web application. The vulnerability is publicly disclosed and exploitable without authentication.

💻 Affected Systems

Products:
  • Campcodes Online Apartment Visitor Management System
Versions: 1.0
Operating Systems: Any OS running a PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of version 1.0. Requires PHP and MySQL/MariaDB database backend.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution if database permissions allow.

🟠 Likely Case

Database information disclosure, credential theft, and potential privilege escalation leading to system compromise.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub. Attack requires no authentication and uses simple SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.campcodes.com/

Restart Required: No

Instructions:

No official patch available. Consider implementing parameterized queries in /forgot-password.php or upgrading to a newer version if available.
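
The parameterized-query fix described above, sketched as an added example (not the vendor's code and not taken from the application's source). The table and column names (`users`, `id`, `email`), the database credentials and the function names are hypothetical placeholders to be replaced with the application's own.

```php
<?php
// Added example: hardened email lookup for a password-reset handler.
// users/id/email and the DB credentials below are hypothetical placeholders.
declare(strict_types=1);

// Raise exceptions on DB errors so SQL error text is never echoed to the client.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function normalize_email(string $raw): ?string
{
    $email = trim($raw);
    // Bound the length and require a syntactically valid address.
    // Valid addresses may still contain characters such as ', so this
    // check narrows input but does not replace parameter binding.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

function find_account_id(mysqli $db, string $email): ?int
{
    // The email is bound as data; it is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id FROM users WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($id);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? (int) $id : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $raw = $_POST['email'] ?? null;            // may be an array if sent as email[]
    $email = is_string($raw) ? normalize_email($raw) : null;
    if ($email === null) {
        http_response_code(400);
        exit('Invalid email address.');
    }
    try {
        $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
        $accountId = find_account_id($db, $email);
    } catch (mysqli_sql_exception $e) {
        error_log('forgot-password lookup failed: ' . $e->getMessage());
        http_response_code(500);
        exit('Request could not be processed.');
    }
    // Continue the existing reset flow with $accountId (null means no match).
}
```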

🔧 Temporary Workarounds

Input Validation Filter

all

Add email validation and sanitization to /forgot-password.php

Edit /forgot-password.php to validate email format and escape SQL special characters

WAF Rule

all

Implement web application firewall rules to block SQL injection patterns

Add WAF rule to block SQL keywords in email parameter: 'SELECT|UNION|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER'

🧯 If You Can't Patch

  • Block external access to /forgot-password.php via firewall rules
  • Implement rate limiting and monitoring on the forgot password endpoint

🔍 How to Verify

Check if Vulnerable:

Test /forgot-password.php endpoint with SQL injection payloads in email parameter

Check Version:

Check application version in admin panel or source code comments

Verify Fix Applied:

Verify parameterized queries are implemented and test with SQL injection payloads

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed password reset attempts with SQL patterns

Network Indicators:

  • HTTP POST requests to /forgot-password.php containing SQL keywords

SIEM Query:

source="web_logs" AND uri="/forgot-password.php" AND (email="*SELECT*" OR email="*UNION*" OR email="*OR 1=1*")
