CVE-2025-10413 is a SQL Injection vulnerability identified in version 1.0 of the Campcodes Grocery Sales and Inventory System. The vulnerability exists in the /ajax.php endpoint, specifically within the 'delete_customer' action. An attacker can manipulate the 'ID' parameter in the request to inject malicious SQL code. This injection flaw allows the attacker to execute arbitrary SQL commands on the backend database without any authentication or user interaction, as the attack vector is remote and requires no privileges. The vulnerability impacts the confidentiality, integrity, and availability of the database, as it can lead to unauthorized data disclosure, data modification, or deletion. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the ease of exploitation (low attack complexity, no privileges required) but limited scope and impact (low impact on confidentiality, integrity, and availability). No patches or fixes have been published yet, and no known exploits are currently observed in the wild, although public disclosure of the exploit code increases the risk of exploitation. The vulnerability is critical for organizations relying on this system for managing grocery sales and inventory, as it could lead to data breaches or operational disruption.

For European organizations using the Campcodes Grocery Sales and Inventory System version 1.0, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to sensitive customer and inventory data, potentially violating GDPR requirements on data protection and privacy. Data integrity could be compromised, affecting inventory accuracy and sales records, which can disrupt business operations and financial reporting. Availability could also be impacted if attackers delete or corrupt database entries, leading to downtime or degraded service. Small and medium-sized grocery retailers, which may rely on this system, could face reputational damage and regulatory penalties if exploited. The remote and unauthenticated nature of the vulnerability increases the likelihood of attacks, especially if exploit code becomes widespread. Organizations must consider the potential for lateral movement if the compromised system is connected to broader corporate networks.

Immediate mitigation should focus on restricting access to the vulnerable endpoint by implementing network-level controls such as IP whitelisting or VPN access to limit exposure. Web application firewalls (WAFs) can be configured with custom rules to detect and block SQL injection patterns targeting the 'delete_customer' action. Input validation and parameterized queries should be implemented in the application code to prevent injection, but since no patch is currently available, organizations should engage with the vendor for an official fix or upgrade path. Regular monitoring of logs for suspicious activity related to /ajax.php requests is recommended. Additionally, organizations should conduct a thorough audit of affected systems to identify any signs of compromise. Backup and recovery procedures should be tested and updated to ensure rapid restoration in case of data corruption or deletion. Finally, educating staff about the risks and signs of exploitation can help in early detection and response.