CVE-2025-4718: Campcodes Sales and Inventory System customer_add.php sql injection
First published: Thu May 15 2025(Updated: )
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/customer_add.php. The manipulation of the argument last leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Campcodes Sales and Inventory System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4718?
CVE-2025-4718 is classified as a critical vulnerability.
How does CVE-2025-4718 impact the Campcodes Sales and Inventory System?
CVE-2025-4718 allows for SQL injection through the manipulation of the 'last' argument in the /pages/customer_add.php file.
How do I fix CVE-2025-4718?
To fix CVE-2025-4718, ensure proper validation and sanitization of user inputs in the /pages/customer_add.php file.
Who is affected by CVE-2025-4718?
CVE-2025-4718 affects users of the Campcodes Sales and Inventory System version 1.0.
Can CVE-2025-4718 lead to data breaches?
Yes, CVE-2025-4718 can lead to data breaches by allowing attackers to execute unauthorized SQL queries.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- vendor/campcodes
- canonical/campcodes sales and inventory system