Angel9

**Name of the Vulnerable Software and Affected Versions:** Campcodes Sales and Inventory System version 1.0 **Description:** A critical issue exists in Campcodes Sales and Inventory System 1.0 related to the processing of the `/pages/product add.php` file. Manipulation of the `prod name` argument can lead to SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations:** As a temporary workaround, consider restricting access to the `/pages/product add.php` file until a fix is available. Sanitize the `prod name` argument to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions:** Campcodes Sales and Inventory System version 1.0 **Description:** A critical issue exists in Campcodes Sales and Inventory System 1.0, allowing for unrestricted file upload. The vulnerability is located in an unknown function within the `/pages/product add.php` file. Exploitation occurs through manipulation of the `image` argument, enabling remote attacks. The exploit details have been publicly disclosed. **Recommendations:** Apply any available updates to address the unrestricted upload issue in the `/pages/product add.php` file. As a temporary workaround, restrict or disable file upload functionality to mitigate the risk of exploitation.