Campcodes · Campcodes Supplier Management System · CVE-2025-14952
**Name of the Vulnerable Software and Affected Versions**
Campcodes Supplier Management System version 1.0
**Description**
A flaw exists in Campcodes Supplier Management System that allows for remote code execution. The issue is located in the file `/admin/add category.php`. Manipulation of the `txtCategoryName` argument can lead to SQL injection. The exploit is publicly available.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.