Key Information

CVE Identifier: CVE-2025-13291
Vulnerability Type: SQL Injection
Severity: Critical
Affected Product: Campcodes Supplier Management System 1.0
Vulnerable File:
Vulnerable Parameter:

Description

Summary: SQL Injection vulnerability exists in the file , affecting an unknown code. Manipulating the argument can lead to SQL injection.

Details: The product constructs SQL commands using externally influenced input without proper neutralization, leading to potentially harmful SQL commands when sent to a downstream component. The vulnerability impacts confidentiality, integrity, and availability.

Exploit

Public Exploit: Available on GitHub.
Exploit Download: https://github.com/...
Attack Technique: T1505 (MITRE ATT&CK)

Search for Vulnerable Systems

Google Dork:

Suggested Actions

Replacement: Consider replacing the affected product with an alternative to mitigate the vulnerability.