CVE-2025-14877

Name of the Vulnerable Software and Affected Versions Campcodes Supplier Management System version 1.0

Description A flaw exists in Campcodes Supplier Management System version 1.0 that allows for remote SQL injection. The issue is located in the file /admin/add retailer.php and involves manipulation of the cmbAreaCode argument. The exploit is publicly available.

Recommendations As a temporary workaround, consider restricting access to the file /admin/add retailer.php until a fix is available. Avoid using the argument cmbAreaCode in the affected file /admin/add retailer.php until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.