How to fix EUVD-2025-19029?

Within 24 hours: Identify all systems running Campcodes version 1.0 and restrict network access to the vulnerable view_application.php file; notify recruitment stakeholders of potential exposure. Within 7 days: Implement a Web Application Firewall (WAF) rule blocking SQL injection patterns to the ID parameter in Recruitment/admin/view_application.php; conduct audit logs for unauthorized access attempts. Within 30 days: Develop and test migration plan to a patched version; if no vendor patch emerges, evaluate replacement recruitment management systems or implement complete network isolation of the affected system.

Is PHP affected by EUVD-2025-19029?

A publicly disclosed SQL injection vulnerability in the Campcodes Online Recruitment Management System allows remote attackers to compromise recruitment data and system integrity without authentication.

EUVD-2025-19029

| CVE-2025-6567 HIGH

2025-06-24 [email protected]

7.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 22:36 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 22:36 euvd

EUVD-2025-19029

PoC Detected

Jun 27, 2025 - 16:48 vuln.today

Public exploit code

CVE Published

Jun 24, 2025 - 15:15 nvd

HIGH 7.3

Description

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/view_application.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-6567 is a critical SQL injection vulnerability in Campcodes Online Recruitment Management System version 1.0, specifically in the Recruitment/admin/view_application.php file where the ID parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of recruitment records. The vulnerability has been publicly disclosed with proof-of-concept code available, and exploitation requires no special privileges or user interaction.

Technical Context

The vulnerability exists in a PHP-based web application (Campcodes Online Recruitment Management System) that processes user-supplied input without proper parameterized query protection. CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component - 'Injection') indicates the root cause: the ID parameter in view_application.php is directly concatenated into SQL queries without adequate escaping or prepared statement usage. The affected component is an administrative interface (Recruitment/admin/view_application.php), suggesting the vulnerability may be in a protected administrative area, though the CVSS vector (PR:N) indicates no prior authentication is required, indicating either authentication bypass or an exposed administrative endpoint.

Affected Products

- product: Campcodes Online Recruitment Management System; version: 1.0; affected_component: Recruitment/admin/view_application.php; vulnerable_parameter: ID; vulnerability_type: SQL Injection (CWE-74); cpe_match: cpe:2.3:a:campcodes:online_recruitment_management_system:1.0:*:*:*:*:*:*:*

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +36

POC: +20

EUVD-2025-19029 vulnerability details – vuln.today

Back

EUVD-2025-19029

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

EUVD-2025-19029

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code