CVE-2025-8952

Name of the Vulnerable Software and Affected Versions: Campcodes Online Flight Booking Management System version 1.0

Description: A SQL injection issue exists in Campcodes Online Flight Booking Management System version 1.0. The vulnerability is located in an unknown functionality of the /admin/ajax.php?action=login file within the Login component. Manipulation of the Username argument can lead to a successful SQL injection attack, which can be launched remotely. The exploit has been publicly disclosed.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.