Platform: php
Fixed in: 1.0.1
CVE-2025-13412 describes a cross-site scripting (XSS) vulnerability affecting Campcodes Retro Basketball Shoes Online Store version 1.0. The vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to session hijacking or defacement. It resides in the /admin/admin_running.php file and is triggered by manipulating the product_name argument. A patch is expected to resolve this issue.
Successful exploitation of CVE-2025-13412 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to the theft of sensitive information, such as session cookies, which can then be used to impersonate the user. An attacker could also inject malicious code to redirect users to phishing sites or deface the website. The remote nature of the vulnerability means that an attacker does not need to be on the same network as the target system to exploit it.
This vulnerability has been publicly disclosed, and a proof-of-concept exploit may be available, which increases the risk of exploitation. The CVSS base score is LOW (2.4), indicating limited impact, although the vulnerability is relatively easy to exploit. No KEV listing or active exploitation campaigns have been reported as of the publication date.
Administrators of Campcodes Retro Basketball Shoes Online Store installations, particularly those running version 1.0, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one website could potentially lead to the compromise of others.
• php / web:
  grep -r 'product_name' /var/www/campcodes/
• generic web:
  curl -I "<target_url>/admin/admin_running.php?product_name=<script>alert(1)</script>"
• generic web:
  grep -r 'admin_running.php' /var/log/apache2/access.log
Disclosure
Exploit status
EPSS: 0.06% (18th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-13412 is to upgrade to a patched version of Campcodes Retro Basketball Shoes Online Store. As no fixed version is specified, contact the vendor for an update. Until a patch is available, implement input validation and output encoding on the product_name parameter in /admin/admin_running.php to sanitize user-supplied data. A web application firewall (WAF) configured to detect and block XSS attacks can provide an additional layer of protection.
Upgrade to a patched version or apply the necessary security measures to prevent the injection of malicious code through the product_name parameter in the admin_running.php file. Validating and sanitizing user input is essential to preventing XSS attacks.
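The interim mitigation above (validate the input, encode it for the HTML context at output time) as an added PHP illustration. This is not the Campcodes code: the handler shape, the function names and the allow-list pattern are assumptions; only the product_name parameter and the admin_running.php file name come from the advisory.

```php
<?php
// Added illustration, not the Campcodes code: a hypothetical handler that
// reflects the product_name request parameter into the admin page.

// Vulnerable pattern: user input is concatenated straight into HTML, so a
// value containing markup is interpreted by the browser as markup.
function render_product_name_unsafe(string $productName): string
{
    return '<h2>Product: ' . $productName . '</h2>';
}

// Step 1 (input validation): accept only what a product name needs.
// Assumed allow-list: letters, digits, spaces and a few punctuation marks,
// 1 to 100 characters. Returns null when the value does not fit.
function validate_product_name(string $productName): ?string
{
    if (preg_match('/^[\p{L}\p{N} .,\'()&-]{1,100}$/u', $productName) !== 1) {
        return null;
    }
    return $productName;
}

// Step 2 (output encoding): encode for the HTML body/attribute context.
// ENT_QUOTES covers both quote styles so the value is also safe inside
// attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: validation rejects hostile input outright; encoding still
// runs on accepted input because characters such as ' and & are legitimate in
// a product name yet must not reach the page unencoded.
function render_product_name_safe(string $productName): string
{
    $clean = validate_product_name($productName);
    if ($clean === null) {
        http_response_code(400);
        return '<p>Invalid product name.</p>';
    }
    return '<h2>Product: ' . html_encode($clean) . '</h2>';
}

// Constructed sample inputs for demonstration; in the real handler the value
// would be read with: $productName = (string)($_GET['product_name'] ?? '');
$benign  = "Kid's Hi-Tops & Socks";
$hostile = '<script>alert(1)</script>';

echo render_product_name_unsafe($hostile), PHP_EOL; // markup reaches the browser
echo render_product_name_safe($hostile), PHP_EOL;   // rejected by the allow-list
echo render_product_name_safe($benign), PHP_EOL;    // accepted, quote and ampersand encoded
```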
CVE-2025-13412 is a cross-site scripting (XSS) vulnerability in Campcodes Retro Basketball Shoes Online Store version 1.0, allowing attackers to inject malicious scripts via the product_name parameter.
If you are running Campcodes Retro Basketball Shoes Online Store version 1.0, you are potentially affected by this vulnerability. Check with the vendor for a patch.
The recommended fix is to upgrade to a patched version of Campcodes Retro Basketball Shoes Online Store. Contact the vendor for an update.
While no active exploitation campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Please refer to the Campcodes website or contact their support team for the official advisory regarding CVE-2025-13412.