A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pages/receipt_credit.php. The manipulation of the argument sid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7536 is a critical SQL Injection vulnerability identified in version 1.0 of the Campcodes Sales and Inventory System, specifically within the /pages/receipt_credit.php file. The vulnerability arises from improper sanitization of the 'sid' parameter, which can be manipulated by an attacker to inject malicious SQL code. This flaw allows an unauthenticated remote attacker to execute arbitrary SQL commands on the backend database without requiring any user interaction or privileges. The injection can lead to unauthorized data access, modification, or deletion, potentially compromising the confidentiality, integrity, and availability of the system's data. Although the CVSS score is 6.9 (medium severity), the vulnerability's characteristics—remote exploitability without authentication and direct impact on database operations—indicate a significant threat. The exploit has been publicly disclosed, increasing the risk of exploitation. No official patches or mitigations have been linked yet, which means affected organizations must rely on immediate defensive measures. The vulnerability affects only version 1.0 of the Campcodes Sales and Inventory System, which is a niche product used for managing sales and inventory data, likely in small to medium enterprises.

CVE Database V5

Detailed information about CVE-2025-7536: SQL Injection in Campcodes Sales and Inventory System affecting Campcodes Sales and Inventory System. Get real-time up

CVE-2025-7536: SQL Injection in Campcodes Sales and Inventory System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7536: SQL Injection in Campcodes Sales and Inventory System

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /pages/reprint_cash.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7535 is a critical SQL Injection vulnerability identified in version 1.0 of the Campcodes Sales and Inventory System, specifically within the /pages/reprint_cash.php file. The vulnerability arises from improper sanitization of the 'sid' parameter, which is susceptible to malicious input manipulation. An attacker can exploit this flaw remotely without requiring any authentication or user interaction, by injecting crafted SQL commands through the 'sid' argument. This can lead to unauthorized access to the underlying database, allowing attackers to read, modify, or delete sensitive sales and inventory data. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits are currently reported in the wild. The CVSS 4.0 score of 6.9 (medium severity) reflects the ease of remote exploitation and the potential for partial confidentiality, integrity, and availability impacts, albeit with limited scope and no privilege or user interaction requirements. Given the nature of sales and inventory systems, exploitation could disrupt business operations, compromise financial records, and expose sensitive commercial information.

Detailed information about CVE-2025-7535: SQL Injection in Campcodes Sales and Inventory System affecting Campcodes Sales and Inventory System. Get real-time up

CVE-2025-7535: SQL Injection in Campcodes Sales and Inventory System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7535: SQL Injection in Campcodes Sales and Inventory System

A vulnerability was found in PHPGurukul Student Result Management System 2.0. It has been classified as critical. Affected is an unknown function of the file /notice-details.php of the component GET Parameter Handler. The manipulation of the argument nid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7534 is a critical SQL Injection vulnerability identified in version 2.0 of the PHPGurukul Student Result Management System, specifically within the /notice-details.php file. The vulnerability arises from improper sanitization and validation of the GET parameter 'nid', which is directly used in SQL queries without adequate escaping or parameterization. This flaw allows an unauthenticated remote attacker to inject arbitrary SQL code by manipulating the 'nid' parameter, potentially leading to unauthorized data access, data modification, or even complete compromise of the underlying database. The vulnerability does not require any user interaction or authentication, making it highly exploitable over the network. Although the CVSS 4.0 score is 6.9 (medium severity), the classification as critical by the vendor suggests that the impact could be significant depending on the deployment context. The vulnerability affects the confidentiality, integrity, and availability of the system's data, especially sensitive student records managed by the application. No official patches have been published yet, and while no known exploits are reported in the wild, the public disclosure of the exploit code increases the risk of exploitation by malicious actors.

Detailed information about CVE-2025-7534: SQL Injection in PHPGurukul Student Result Management System affecting PHPGurukul Student Result Management System. Ge

CVE-2025-7534: SQL Injection in PHPGurukul Student Result Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7534: SQL Injection in PHPGurukul Student Result Management System

A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. This issue affects some unknown processing of the file /view-details.php. The manipulation of the argument job_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7533 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Job Diary application. The vulnerability arises from improper handling of the 'job_id' parameter in the /view-details.php script. An attacker can manipulate this parameter to inject malicious SQL code, which the backend database executes. This flaw allows an unauthenticated remote attacker to perform unauthorized database queries, potentially leading to data leakage, data modification, or even complete compromise of the underlying database. The vulnerability does not require any user interaction or authentication, making it highly accessible for exploitation. The CVSS 4.0 base score is 6.9, indicating a medium severity level, primarily due to limited impact on confidentiality, integrity, and availability (each rated low), but with ease of exploitation (network vector, no privileges required, no user interaction). Although no public exploits have been reported in the wild yet, the vulnerability details have been disclosed publicly, increasing the risk of exploitation. The absence of patches or vendor advisories at this time heightens the urgency for organizations using this software to implement mitigations. SQL Injection vulnerabilities are among the most dangerous web application flaws, as they can lead to unauthorized data access, data corruption, or full system compromise depending on the database privileges and application context. The affected software, Job Diary 1.0, is a niche product likely used for job tracking or diary management, and the vulnerability specifically targets the job_id parameter in a view-details page, which is presumably accessible via web interface.

Detailed information about CVE-2025-7533: SQL Injection in code-projects Job Diary affecting code-projects Job Diary. Get real-time updates, technical details, 

CVE-2025-7533: SQL Injection in code-projects Job Diary - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7533: SQL Injection in code-projects Job Diary

A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/product_update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7537: SQL Injection in Campcodes Sales and Inventory System affecting Campcodes Sales and Inventory System. Get real-time up

CVE-2025-7537: SQL Injection in Campcodes Sales and Inventory System

CVE-2025-7537: SQL Injection in Campcodes Sales and Inventory System

Description

Technical Details

Related Threats

CVE-2025-7536: SQL Injection in Campcodes Sales and Inventory System

CVE-2025-7535: SQL Injection in Campcodes Sales and Inventory System

CVE-2025-7534: SQL Injection in PHPGurukul Student Result Management System

CVE-2025-7533: SQL Injection in code-projects Job Diary

CVE-2025-7532: Stack-based Buffer Overflow in Tenda FH1202

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility