Dico

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A SQL injection issue exists in Campcodes Online Loan Management System 1.0. The vulnerability is located in unknown code within the `/ajax.php?action=delete loan` file. Manipulation of the `ID` parameter can trigger the SQL injection. The exploit has been made public and could be used to initiate attacks remotely. Recommendations: As a temporary workaround, consider restricting access to the `/ajax.php?action=delete loan` file until a fix is available. Sanitize the `ID` parameter before using it in any database queries.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Loan Management System version 1.0 **Description** A SQL injection issue exists in Campcodes Online Loan Management System. The issue affects processing of the file `/ajax.php?action=delete payment`. Manipulation of the `ID` argument can lead to SQL injection, and the attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** Campcodes Online Loan Management System version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Shopping Portal version 1.0 **Description** A critical issue affects the processing of the file /admin/updateorder.php, where the manipulation of the `remark` argument leads to SQL injection. This issue can be initiated remotely. **Recommendations** For Campcodes Online Shopping Portal version 1.0, as a temporary workaround, consider restricting access to the /admin/updateorder.php file and avoid using the `remark` parameter in this endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.