15 matches found
CVE-2025-10566
CVE-2025-10566 affects Campcodes Grocery Sales and Inventory System 1.0. The vulnerability exploits the page parameter in /index.php?page=users to trigger cross-site scripting, with remote exploitation possible and a publicly available exploit. Affected component is the /index.php?page=users logi...
CVE-2025-10414
The CVE-2025-10414 entry concerns Campcodes Grocery Sales and Inventory System 1.0. The vulnerability is a SQL injection in the file /ajax.php?action=save_customer, triggered by manipulating the ID argument. It is described as remotely exploitable and the exploit has been publicized. Root cause i...
CVE-2025-10417
CVE-2025-10417 affects Campcodes Grocery Sales and Inventory System 1.0. The vulnerability lies in the file /ajax.php?action=delete_product where manipulating the parameter ID results in a SQL injection, enabling remote exploitation. Multiple connected sources confirm the flaw and that exploits h...
CVE-2025-10562
CVE-2025-10562 affects Campcodes Grocery Sales and Inventory System v1.0. The flaw is in /ajax.php?action=save_product where manipulation of the ID parameter enables SQL injection, allowing remote exploitation (exploit published). The CVSS indicates high/critical impact across confidentiality, in...
CVE-2025-10415
CVE-2025-10415 affects Campcodes Grocery Sales and Inventory System version 1.0. The vulnerability is a SQL injection in the file /ajax.php?action=save_supplier caused by manipulation of the ID argument, exploitable remotely. Public exploitation/public disclosure is noted. CVSS details from sourc...
CVE-2025-10563
CVE-2025-10563 affects Campcodes Grocery Sales and Inventory System 1.0. The bug is in /ajax.php?action=save_category where manipulating the ID parameter enables SQL injection. Exploitation is remote and publicly disclosed. Impact is described as high for confidentiality, integrity, and availabil...
CVE-2025-10786
Campaign: CVE-2025-10786 concerns Campcodes Grocery Sales and Inventory System 1.0. The vulnerability resides in the file /ajax.php?action=delete_user, where manipulation of the ID parameter enables SQL injection. Attack is remote and requires no authentication. An exploit has been published and ...
CVE-2025-10785
Campcodes Grocery Sales and Inventory System 1.0 contains a SQL injection in /manage_user.php via manipulation of the ID parameter. The issue is exploitable remotely, and public exploits are available. Multiple sources (NVD, Red Hat, CVE listings, and third-party databases) consistently describe ...
CVE-2025-10032
CVE-2025-10032 – Campcodes Grocery Sales and Inventory System 1.0 has a cross-site scripting flaw in the unknown function of the file /index.php. Manipulating the page parameter allows remote script execution; the exploit is publicly available. Multiple connected sources corroborate the same issu...
CVE-2025-10413
CVE-2025-10413 affects Campcodes Grocery Sales and Inventory System 1.0. The vulnerability is an SQL injection in the file /ajax.php?action=delete_customer, triggered by manipulating the ID parameter. This can be exploited remotely, and public disclosures exist. Connected sources confirm the issu...
CVE-2025-10564
CVE-2025-10564 affects Campcodes Grocery Sales and Inventory System 1.0. The vulnerability is a SQL injection in the unknown function of /ajax.php?action=delete_category, triggered by manipulating the ID parameter. It is exploitable remotely, and the exploit has been made public. Some connected s...
CVE-2025-10030
CVE-2025-10030 concerns Campcodes Grocery Sales and Inventory System 1.0. The vulnerability affects the file /ajax.php?action=save_receiving where manipulation of the argument ID can lead to a SQL injection. It is described as exploitable remotely and the exploit has been made publicly available....
CVE-2025-10565
CVE-2025-10565 affects Campcodes Grocery Sales and Inventory System 1.0. A SQL injection exists in the /ajax.php?action=delete_receiving endpoint, triggered by manipulating the ID parameter. Several connected sources confirm remote exploitation possibilities and public disclosure of the exploit. ...
CVE-2025-10031
The CVE-2025-10031 entry concerns Campcodes Grocery Sales and Inventory System 1.0. The vulnerability is a SQL injection in the /ajax.php?action=delete_sales function caused by improper handling of the ID parameter, enabling remote exploitation. Public disclosures exist; CVSS vectors indicate hig...
CVE-2025-10416
Campcodes Grocery Sales and Inventory System 1.0 has a SQL injection vulnerability in /ajax.php?action=delete_supplier caused by unsafely handling the ID parameter. This remote‑accessible flaw can lead to unauthorized database access and manipulation; public exploits exist. Root cause: improper i...