Suuuu

**Name of the Vulnerable Software and Affected Versions** Campcodes Computer Sales and Inventory System version 1.0 **Description** A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Manipulation of the `Username` argument in the file `/pages/us transac.php?action=add` can lead to SQL injection. The attack may be performed remotely. The exploit has been made publicly available. **Recommendations** As a temporary workaround, consider restricting access to the file `/pages/us transac.php` until a fix is available. Avoid using the `Username` parameter in the affected API endpoint `/pages/us transac.php?action=add` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Campcodes Computer Sales and Inventory System version 1.0 **Description** A security issue exists in Campcodes Computer Sales and Inventory System 1.0. The vulnerability is due to SQL injection in an unknown function of the file `/pages/cust searchfrm.php?action=edit`. Manipulation of the `ID` argument can trigger the issue, and the attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Address the SQL injection issue in the `/pages/cust searchfrm.php?action=edit` file by sanitizing the `ID` argument.