CVE Details
Basic Information
| Title | Campcodes Sales and Inventory System Setting settings_update.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-21T18:02:05.912Z |
| Modified | 2025-07-21T18:02:05.912Z |
Product Information
| Vendor | Campcodes |
|---|---|
| Product | Sales and Inventory System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A SQL injection vulnerability was discovered in Campcodes Sales and Inventory System version 1.0. This vulnerability affects the settings_update.php file and could allow remote attackers to inject malicious SQL code, potentially leading to data breaches or unauthorized access. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Campcodes |
| AI Product | Sales and Inventory System |
| AI Version | 1.0 |
Affected Products
- Campcodes Sales and Inventory System 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/settings_update.php of the component Setting Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.