Campcodes · Campcodes Online Water Billing System · CVE-2025-8924
Name of the Vulnerable Software and Affected Versions:
Campcodes Online Water Billing System version 1.0
Description:
A SQL injection issue exists in Campcodes Online Water Billing System 1.0 due to improper processing of the `/viewbill.php` file. Manipulation of the `ID` argument can lead to SQL injection, allowing for remote exploitation. The exploit has been publicly disclosed.
Recommendations:
As a temporary workaround, consider restricting access to the `/viewbill.php` file until a fix is available.
Sanitize the `ID` argument to prevent SQL injection attacks.