Lph200016

**Name of the Vulnerable Software and Affected Versions** Campcodes Supplier Management System version 1.0 **Description** A flaw exists in Campcodes Supplier Management System version 1.0 that allows for remote SQL injection. The issue is located in the file `/admin/add retailer.php` and involves manipulation of the `cmbAreaCode` argument. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the file `/admin/add retailer.php` until a fix is available. Avoid using the argument `cmbAreaCode` in the affected file `/admin/add retailer.php` until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Supplier Management System version 1.0 **Description** A flaw exists in Campcodes Supplier Management System version 1.0. The issue involves a SQL injection impacting an unknown function within the `/admin/add distributor.php` file. Manipulation of the `txtDistributorAddress` argument can trigger the injection. This attack can be initiated remotely. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Polling System version 1.0 **Description** A flaw exists in Campcodes Online Polling System 1.0 related to the manipulation of the `myusername` argument within the file '/admin/checklogin.php', potentially leading to SQL injection. The attack can be initiated remotely. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Polling System version 1.0 **Description** A SQL injection issue exists in Campcodes Online Polling System version 1.0. The issue is located in the `/registeracc.php` file, where manipulation of the `email` parameter can lead to SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Apply a fix to address the SQL injection issue in the `/registeracc.php` file. Sanitize the `email` parameter to prevent SQL injection attacks. Restrict access to the `/registeracc.php` file if possible.

**Name of the Vulnerable Software and Affected Versions** Campcodes School Fees Payment Management System version 1.0 **Description** A security flaw exists in Campcodes School Fees Payment Management System 1.0 related to the processing of the `/ajax.php` file. Manipulation of this file can lead to a SQL injection attack, which can be executed remotely. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.