CVE-2025-10830 is a SQL Injection vulnerability identified in version 1.0 of the Campcodes Computer Sales and Inventory System. The flaw resides in the handling of the 'idd' parameter within the /pages/inv_edit1.php file. Improper sanitization or validation of this input allows an attacker to inject malicious SQL code remotely, without requiring authentication or user interaction. This vulnerability enables an attacker to manipulate backend database queries, potentially leading to unauthorized data access, data modification, or deletion. The CVSS 4.0 base score of 6.9 reflects a medium severity, considering the vulnerability is remotely exploitable with low attack complexity and no privileges or user interaction required. The impact on confidentiality, integrity, and availability is limited but present, as the vulnerability allows partial compromise of the database content. No official patches or mitigations have been published yet, and while no known exploits are currently in the wild, the availability of a public exploit increases the risk of exploitation.

For European organizations using Campcodes Computer Sales and Inventory System 1.0, this vulnerability poses a significant risk to the confidentiality and integrity of sales and inventory data. Unauthorized access or manipulation of inventory records could disrupt supply chain operations, lead to financial discrepancies, and damage business reputation. The ability to execute SQL injection remotely without authentication increases the attack surface, especially for organizations exposing the affected system to the internet. Data breaches resulting from this vulnerability could also lead to regulatory non-compliance under GDPR, with potential fines and legal consequences. The disruption of inventory management could impact operational continuity, affecting customer satisfaction and revenue streams.

Organizations should immediately conduct an inventory to identify any deployments of Campcodes Computer Sales and Inventory System version 1.0. Given the absence of an official patch, the following specific mitigations are recommended: 1) Implement Web Application Firewall (WAF) rules to detect and block SQL injection patterns targeting the 'idd' parameter in /pages/inv_edit1.php. 2) Employ input validation and sanitization at the application or proxy level to reject malicious input before it reaches the backend. 3) Restrict network access to the affected system, limiting exposure to trusted internal networks only. 4) Monitor logs for unusual database query patterns or repeated access attempts to the vulnerable endpoint. 5) Engage with the vendor for updates or patches and plan for an upgrade once available. 6) Consider isolating or replacing the vulnerable system if it cannot be adequately protected. These targeted actions go beyond generic advice and address the specific attack vector and system context.