PT-2025-47108 · Campcodes · Campcodes Supplier Management System
0X0A1Lphj · Published 2025-11-17 · Updated 2025-11-17 · CVE-2025-13260
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Campcodes Supplier Management System version 1.0
Description
Campcodes Supplier Management System version 1.0 contains a SQL injection flaw. The issue affects an unknown function within the /manufacturer/edit product.php file. Manipulation of the cmbProductUnit argument can lead to a successful attack, which can be launched remotely. The exploit for this issue has been publicly disclosed.
Recommendations
Campcodes Supplier Management System version 1.0: As a temporary workaround, consider restricting access to the /manufacturer/edit product.php file to minimize the risk of exploitation. Avoid using the cmbProductUnit parameter in the affected file until the issue is resolved.
Exploit
Fix
Special Elements Injection
SQL injection
Affected Products
Campcodes Supplier Management System