CVE-2025-5676

Name of the Vulnerable Software and Affected Versions Campcodes Online Recruitment Management System version 1.0

Description A critical issue has been identified, affecting the /admin/ajax.php?action=login file. The Username argument is vulnerable to sql injection, which can be exploited remotely. The issue has been publicly disclosed.

Recommendations For Campcodes Online Recruitment Management System version 1.0, as a temporary workaround, consider restricting access to the /admin/ajax.php?action=login endpoint or validating and sanitizing the Username argument to prevent sql injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.