PT-2025-21769 · Unknown · Campcodes Sales/Inventory System

Iggbond

Publicado

2025-05-17

Atualizado

2025-05-22

CVE-2025-4815

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0

Description: A critical issue was found in the system, affecting some unknown functionality of the file /pages/supplier update.php. The manipulation of the Name argument leads to SQL injection. The attack can be launched remotely.

Recommendations: For Campcodes Sales and Inventory System version 1.0, consider restricting access to the /pages/supplier update.php file until a patch is available. As a temporary workaround, avoid using the Name argument in the affected file to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-4815

Produtos afetados

Campcodes Sales/Inventory System

PT-2025-21769 · Unknown · Campcodes Sales/Inventory System

CVE-2025-4815

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11