Daojie Zhao

**Name of the Vulnerable Software and Affected Versions** Campcodes Farm Management System version 1.0 **Description** A vulnerability exists in Campcodes Farm Management System version 1.0, specifically within the `/reviewInput.php` file. Manipulation of the `rating` argument can lead to SQL injection. The attack can be carried out remotely, and the exploit has been made public. **Recommendations** As a temporary workaround, consider restricting access to the `/reviewInput.php` file until a fix is available. Sanitize the `rating` input to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** Campcodes Farm Management System version 1.0 **Description** A security flaw exists in Campcodes Farm Management System 1.0. The vulnerability is located in an unknown functionality within the `/review.php` file. Manipulation of the `pid` argument results in SQL injection, allowing for remote exploitation. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Advanced Online Voting System version 1.0 **Description** A SQL injection issue exists in an unknown functionality of the file `/admin/login.php`. Manipulation of the `Username` argument can lead to successful exploitation. The attack can be launched remotely, and the exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/login.php` file until a fix is available. Sanitize the `Username` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Campcodes Sales and Inventory System version 1.0 **Description** A critical issue exists in Campcodes Sales and Inventory System 1.0, specifically within the Setting Handler component. The vulnerability is a SQL injection that occurs due to the manipulation of the `ID` argument in the `/pages/settings update.php` file. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Campcodes Sales and Inventory System version 1.0: Address the SQL injection vulnerability by sanitizing the `ID` argument in the `/pages/settings update.php` file.

**Name of the Vulnerable Software and Affected Versions:** Campcodes Sales and Inventory System version 1.0 **Description:** A critical issue exists in Campcodes Sales and Inventory System 1.0. The vulnerability is located in an unknown functionality of the `/pages/reprint cash.php` file. Manipulation of the `sid` argument results in a SQL injection. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** Campcodes Sales and Inventory System version 1.0 **Description:** A critical vulnerability exists in Campcodes Sales and Inventory System that allows for unrestricted file upload. The vulnerability affects unknown code within the `/pages/product update.php` file. Exploitation occurs through manipulation of the `image` argument, enabling remote attacks. The exploit has been publicly disclosed. **Recommendations:** Campcodes Sales and Inventory System version 1.0: Restrict access to the `/pages/product update.php` file or sanitize the `image` argument to prevent unrestricted uploads.

**Name of the Vulnerable Software and Affected Versions:** Campcodes Sales and Inventory System version 1.0 **Description:** A critical issue exists in Campcodes Sales and Inventory System. The vulnerability is located in the file `/pages/product update.php` and allows for SQL injection through manipulation of the `ID` argument. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations:** Apply a fix to address the SQL injection vulnerability in the `/pages/product update.php` file. Sanitize the `ID` argument to prevent malicious code injection.

Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical vulnerability exists in Campcodes Sales and Inventory System 1.0. The issue affects an unknown functionality within the `/pages/receipt credit.php` file. Manipulation of the `sid` argument results in a SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be used. Recommendations: Campcodes Sales and Inventory System version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.