CVE-2025-4899

Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0

Description: A critical issue affects the processing of the file /pages/transaction update.php in Campcodes Sales and Inventory System. The manipulation of the ID argument leads to SQL injection. This issue can be exploited remotely.

Recommendations: As a temporary workaround, consider disabling access to the /pages/transaction update.php file until a patch is available. Restrict the manipulation of the ID argument to minimize the risk of SQL injection exploitation. Avoid using the ID argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.