PT-2025-31452 · Unknown · Campcodes Online Recruitment Management System
Cw.Wong · Published 2025-07-30 · Updated 2025-07-31 · CVE-2025-8336
7.5 High
Base vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Campcodes Online Recruitment Management System version 1.0
Description:
A critical vulnerability exists in Campcodes Online Recruitment Management System. The vulnerability is due to SQL injection, stemming from manipulation of the `ID` argument in the `/admin/ajax.php?action=save user` API endpoint. This allows for remote exploitation. The exploit has been publicly disclosed.
Recommendations:
As a temporary workaround, restrict access to the `/admin/ajax.php?action=save user` API endpoint until a fix is available.
Sanitize the `ID` parameter before using it in any database queries.
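The second recommendation in practice, as an added example that is not the vendor's code: the ID is validated as a positive integer and every value reaches the query as a bound parameter. Function, table and field names are assumptions, and an in-memory SQLite database (via PDO) stands in for the application's real one.

```php
<?php
// Added example. The users table, its columns and the POST field names are
// assumptions; an in-memory SQLite database stands in for the real one.

// Returns null for an empty ID (create), a positive int for an update,
// and throws for anything else instead of passing it on to SQL.
function parse_id(mixed $raw): ?int
{
    if ($raw === null || $raw === '') {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('ID must be a positive integer');
    }
    return $id;
}

function save_user(PDO $db, array $post): int
{
    $id = parse_id($post['id'] ?? null);
    $row = [
        ':name' => (string)($post['name'] ?? ''),
        ':username' => (string)($post['username'] ?? ''),
    ];
    if ($id === null) {
        $stmt = $db->prepare('INSERT INTO users (name, username) VALUES (:name, :username)');
        $stmt->execute($row);
        return (int)$db->lastInsertId();
    }
    // Values are bound, never concatenated into the statement text.
    $stmt = $db->prepare('UPDATE users SET name = :name, username = :username WHERE id = :id');
    $stmt->execute($row + [':id' => $id]);
    return $id;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, username TEXT)');

// Constructed sample requests: create, update, then a non-numeric ID.
$newId = save_user($db, ['id' => '', 'name' => 'Alice', 'username' => 'alice']);
save_user($db, ['id' => (string)$newId, 'name' => 'Alice B', 'username' => 'alice']);
try {
    save_user($db, ['id' => '1 OR 1=1', 'name' => 'x', 'username' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), ' row(s)', PHP_EOL;
```

Rejecting a malformed ID outright, rather than stripping characters from it, keeps the handler's behaviour predictable and gives a clean event to log.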
SQL injection
Special Elements Injection