Dezhi Liu

**Name of the Vulnerable Software and Affected Versions** Campcodes Computer Sales and Inventory System version 1.0 **Description** A security flaw exists in Campcodes Computer Sales and Inventory System 1.0. The flaw is due to SQL injection in an unknown function of the file `/pages/cust edit1.php`. Manipulation of the `ID` argument can trigger the injection. The attack can be performed remotely. The exploit has been released publicly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Computer Sales and Inventory System version 1.0 **Description** A weakness exists in Campcodes Computer Sales and Inventory System that allows for SQL injection. The issue is located in an unknown function of the file `/pages/sup searchfrm.php?action=edit`. Manipulation of the `ID` parameter can trigger the injection. This issue is remotely exploitable and the exploit has been made publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/pages/sup searchfrm.php?action=edit` file until a fix is available. Sanitize the `ID` parameter before using it in any database queries.