CVE-2025-9744

Name of the Vulnerable Software and Affected Versions Campcodes Online Loan Management System version 1.0

Description A weakness exists in Campcodes Online Loan Management System that may allow for SQL injection. The issue is located in an unknown function of the file /ajax.php?action=login. Manipulation of the Username argument can trigger the issue and allow for remote exploitation. The exploit has been made publicly available.

Recommendations As a temporary workaround, consider restricting access to the /ajax.php?action=login endpoint until a fix is available. Avoid using the Username parameter in the affected API endpoint until the issue is resolved.