CVE-2025-14990

EUVD-2025-204664
A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
7.3 HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
campcodescomplete_online_beauty_parlor_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/funnnxxx/my-cve/issues/2
https://vuldb.com/?ctiid.337684
https://vuldb.com/?id.337684
https://vuldb.com/?submit.718453
https://www.campcodes.com/