A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/product_update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7537 is a SQL Injection vulnerability identified in version 1.0 of the Campcodes Sales and Inventory System, specifically affecting an unspecified portion of the /pages/product_update.php file. The vulnerability arises from improper sanitization or validation of the 'ID' parameter, which can be manipulated remotely by an unauthenticated attacker to inject malicious SQL commands. This flaw allows attackers to interfere with the application's database queries, potentially leading to unauthorized data access, data modification, or deletion. The vulnerability is remotely exploitable without any authentication or user interaction, increasing its risk profile. Although the CVSS 4.0 score is 6.9, categorized as medium severity, the potential impact on confidentiality, integrity, and availability of the system's data is significant due to the nature of SQL injection attacks. The vulnerability has been publicly disclosed, but no known exploits are currently observed in the wild. The lack of available patches or mitigation guidance from the vendor increases the urgency for affected organizations to implement protective measures. Given that the affected product is a sales and inventory system, exploitation could lead to exposure or manipulation of sensitive business data, including inventory records, sales transactions, and possibly customer information.

CVE Database V5

Detailed information about CVE-2025-7537: SQL Injection in Campcodes Sales and Inventory System affecting Campcodes Sales and Inventory System. Get real-time up

CVE-2025-7537: SQL Injection in Campcodes Sales and Inventory System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7537: SQL Injection in Campcodes Sales and Inventory System

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pages/receipt_credit.php. The manipulation of the argument sid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7536 is a critical SQL Injection vulnerability identified in version 1.0 of the Campcodes Sales and Inventory System, specifically within the /pages/receipt_credit.php file. The vulnerability arises from improper sanitization of the 'sid' parameter, which can be manipulated by an attacker to inject malicious SQL code. This flaw allows an unauthenticated remote attacker to execute arbitrary SQL commands on the backend database without requiring any user interaction or privileges. The injection can lead to unauthorized data access, modification, or deletion, potentially compromising the confidentiality, integrity, and availability of the system's data. Although the CVSS score is 6.9 (medium severity), the vulnerability's characteristics—remote exploitability without authentication and direct impact on database operations—indicate a significant threat. The exploit has been publicly disclosed, increasing the risk of exploitation. No official patches or mitigations have been linked yet, which means affected organizations must rely on immediate defensive measures. The vulnerability affects only version 1.0 of the Campcodes Sales and Inventory System, which is a niche product used for managing sales and inventory data, likely in small to medium enterprises.

Detailed information about CVE-2025-7536: SQL Injection in Campcodes Sales and Inventory System affecting Campcodes Sales and Inventory System. Get real-time up

CVE-2025-7536: SQL Injection in Campcodes Sales and Inventory System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7536: SQL Injection in Campcodes Sales and Inventory System

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /pages/reprint_cash.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7535 is a critical SQL Injection vulnerability identified in version 1.0 of the Campcodes Sales and Inventory System, specifically within the /pages/reprint_cash.php file. The vulnerability arises from improper sanitization of the 'sid' parameter, which is susceptible to malicious input manipulation. An attacker can exploit this flaw remotely without requiring any authentication or user interaction, by injecting crafted SQL commands through the 'sid' argument. This can lead to unauthorized access to the underlying database, allowing attackers to read, modify, or delete sensitive sales and inventory data. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits are currently reported in the wild. The CVSS 4.0 score of 6.9 (medium severity) reflects the ease of remote exploitation and the potential for partial confidentiality, integrity, and availability impacts, albeit with limited scope and no privilege or user interaction requirements. Given the nature of sales and inventory systems, exploitation could disrupt business operations, compromise financial records, and expose sensitive commercial information.

Detailed information about CVE-2025-7535: SQL Injection in Campcodes Sales and Inventory System affecting Campcodes Sales and Inventory System. Get real-time up

CVE-2025-7535: SQL Injection in Campcodes Sales and Inventory System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7535: SQL Injection in Campcodes Sales and Inventory System

A vulnerability was found in PHPGurukul Student Result Management System 2.0. It has been classified as critical. Affected is an unknown function of the file /notice-details.php of the component GET Parameter Handler. The manipulation of the argument nid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7534 is a critical SQL Injection vulnerability identified in version 2.0 of the PHPGurukul Student Result Management System, specifically within the /notice-details.php file. The vulnerability arises from improper sanitization and validation of the GET parameter 'nid', which is directly used in SQL queries without adequate escaping or parameterization. This flaw allows an unauthenticated remote attacker to inject arbitrary SQL code by manipulating the 'nid' parameter, potentially leading to unauthorized data access, data modification, or even complete compromise of the underlying database. The vulnerability does not require any user interaction or authentication, making it highly exploitable over the network. Although the CVSS 4.0 score is 6.9 (medium severity), the classification as critical by the vendor suggests that the impact could be significant depending on the deployment context. The vulnerability affects the confidentiality, integrity, and availability of the system's data, especially sensitive student records managed by the application. No official patches have been published yet, and while no known exploits are reported in the wild, the public disclosure of the exploit code increases the risk of exploitation by malicious actors.

Detailed information about CVE-2025-7534: SQL Injection in PHPGurukul Student Result Management System affecting PHPGurukul Student Result Management System. Ge

CVE-2025-7534: SQL Injection in PHPGurukul Student Result Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7534: SQL Injection in PHPGurukul Student Result Management System

A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/product_update.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7538: Unrestricted Upload in Campcodes Sales and Inventory System affecting Campcodes Sales and Inventory System. Get real-t

CVE-2025-7538: Unrestricted Upload in Campcodes Sales and Inventory System

CVE-2025-7538: Unrestricted Upload in Campcodes Sales and Inventory System

Description

Technical Details

Related Threats

CVE-2025-7537: SQL Injection in Campcodes Sales and Inventory System

CVE-2025-7536: SQL Injection in Campcodes Sales and Inventory System

CVE-2025-7535: SQL Injection in Campcodes Sales and Inventory System

CVE-2025-7534: SQL Injection in PHPGurukul Student Result Management System

CVE-2025-7533: SQL Injection in code-projects Job Diary

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility