CVE-2025-10436

Name of the Vulnerable Software and Affected Versions Campcodes Computer Sales and Inventory System version 1.0

Description A weakness exists in Campcodes Computer Sales and Inventory System that allows for SQL injection. The issue is located in an unknown function of the file /pages/sup searchfrm.php?action=edit. Manipulation of the ID parameter can trigger the injection. This issue is remotely exploitable and the exploit has been made publicly available.

Recommendations As a temporary workaround, consider restricting access to the /pages/sup searchfrm.php?action=edit file until a fix is available. Sanitize the ID parameter before using it in any database queries.