Lige Zhan

**Name of the Vulnerable Software and Affected Versions** Campcodes Supplier Management System version 1.0 **Description** A flaw exists in Campcodes Supplier Management System that allows for SQL injection. The issue is located in the file '/admin/add area.php' and involves manipulation of the `txtAreaCode` argument. This can be exploited remotely. The exploit has been published. **Recommendations** Apply any available updates to address the vulnerability in the affected version. As a temporary workaround, restrict access to the file `/admin/add area.php` to minimize the risk of exploitation. Sanitize the `txtAreaCode` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Campcodes Supplier Management System version 1.0 **Description** A SQL injection issue exists in Campcodes Supplier Management System 1.0. The issue is located in an unknown function of the `/admin/view products.php` file. Manipulating the `chkId[]` argument can lead to SQL injection. The attack can be initiated remotely, and details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.