Noney

**Name of the Vulnerable Software and Affected Versions** Campcodes Computer Sales and Inventory System version 1.0 **Description** A flaw exists in Campcodes Computer Sales and Inventory System that may allow for SQL injection. The issue is located in an unknown function within the `/pages/pos transac.php?action=add` file. Manipulation of the `cash/firstname` argument can trigger the injection. The attack can be performed remotely. **Recommendations** As a temporary workaround, consider restricting access to the `/pages/pos transac.php?action=add` file until a fix is available. Sanitize the `cash/firstname` argument to prevent SQL injection.

Name of the Vulnerable Software and Affected Versions: Campcodes Online Water Billing System version 1.0 Description: A SQL injection issue exists in Campcodes Online Water Billing System 1.0 due to manipulation of the `ID` argument in the `/editecex.php` file. This allows for remote exploitation. The exploit has been publicly disclosed. Recommendations: As a temporary workaround, consider restricting access to the `/editecex.php` file until a fix is available.