Code Projects · Web-Based Inventory/Pos System · CVE-2025-11431
**Name of the Vulnerable Software and Affected Versions**
code-projects Web-Based Inventory and POS System version 1.0
**Description**
A flaw exists in code-projects Web-Based Inventory and POS System. The issue is related to SQL injection, triggered by manipulating the `shopid` argument in a file named `/transaction.php`. The vulnerability is present in an unknown function within this file and can be exploited remotely. The details of the exploit have been publicly disclosed.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.