CVE-2025-4708: Campcodes Sales and Inventory System sales_add.php sql injection
First published: Thu May 15 2025(Updated: )
A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/sales_add.php. The manipulation of the argument discount leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Campcodes Sales and Inventory System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4708?
CVE-2025-4708 is classified as a critical severity vulnerability.
What type of vulnerability is CVE-2025-4708?
CVE-2025-4708 is an SQL injection vulnerability.
How can an attacker exploit CVE-2025-4708?
An attacker can exploit CVE-2025-4708 remotely by manipulating the 'discount' argument in the sales_add.php file.
What version of Campcodes Sales and Inventory System is affected by CVE-2025-4708?
CVE-2025-4708 affects Campcodes Sales and Inventory System version 1.0.
How do I fix CVE-2025-4708?
To fix CVE-2025-4708, validate and sanitize all user inputs before processing them in database queries.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- vendor/campcodes
- canonical/campcodes sales and inventory system