9 matches found
CVE-2025-9744
CVE-2025-9744 affects Campcodes Online Loan Management System 1.0. A SQL injection vulnerability exists in the /ajax.php?action=login endpoint triggered by manipulating the Username parameter, enabling remote exploitation and potentially unauthorized access or data modification. Public exploits a...
CVE-2025-9502
CVE-2025-9502 affects Campcodes Online Loan Management System v1.0. The vulnerability is an SQL injection in the function/file /ajax.php?action=save_payment (and variations like /ajax.php?action=save payment) caused by manipulation of the loan_id parameter. Attacks can be launched remotely and, p...
CVE-2025-9503
This CVE records a SQL injection in Campcodes Online Loan Management System 1.0, specifically in an unknown function of /ajax.php?action=save_borrower where manipulating the lastname parameter can trigger exploitation. The vulnerability enables remote execution and has publicly disclosed exploits...
CVE-2025-9506
CVE-2025-9506 affects Campcodes Online Loan Management System v1.0. The vulnerability is an SQL injection in the file /ajax.php?action=delete_plan caused by improper handling/manipulation of the ID parameter. It is exploitable remotely, with exploitation publicly disclosed. Connected sources corr...
CVE-2025-9504
CVE-2025-9504 affects Campcodes Online Loan Management System 1.0. The vulnerability is an SQL injection in an unknown functionality of the file /ajax.php?action=save_plan, caused by manipulation of the ID argument. Exploitation can be performed remotely, and public exploits are available. Techni...
CVE-2025-10109
CVE-2025-10109 affects Campcodes Online Loan Management System version 1.0. The vulnerability arises from improper handling of the parameter ID in the file /ajax.php?action=delete_payment, allowing remote attackers to execute SQL injection. Public exploitation has been disclosed. Affected product...
CVE-2025-9505
CVE-2025-9505 affects Campcodes Online Loan Management System 1.0. The issue is a SQL injection in the file /ajax.php?action=save_loan_type caused by improper handling of the ID parameter. It's a network-exposed vulnerability with the potential for remote exploitation, and an exploit has been pub...
CVE-2025-9678
CVE-2025-9678 affects Campcodes Online Loan Management System 1.0. The vulnerability is an SQL injection in the /ajax.php?action=delete_borrower endpoint, caused by manipulation of the ID parameter. It can be triggered remotely over the network and is publicly exploit-able according to the source...
CVE-2025-10108
CVE-2025-10108 affects Campcodes Online Loan Management System 1.0. The vulnerability is a SQL injection in the /ajax.php?action=delete_loan handler triggered by manipulating the ID parameter. It is exploitable remotely and an exploit is public, implying potential for unauthorized data access or ...