SQL Injection Vulnerability in Campcodes Sales and Inventory System by Campcodes
CVE-2025-6935

7.3HIGH

Key Information:

Vendor: Campcodes
Status: Sales and Inventory System
Vendor: CVE Published:; 1 July 2025

What is CVE-2025-6935?

A security flaw exists in the Campcodes Sales and Inventory System version 1.0, located in the /pages/payment_add.php file. The vulnerability, stemming from improper handling of the 'cid' parameter, allows attackers to perform SQL injection attacks, potentially compromising the database integrity. This issue can be exploited remotely, making it crucial for users to assess their systems for potential exposure and take preventative measures.

References

https://github.com/dragonghost2025/cve/issues/9

https://vuldb.com/?ctiid.314456

https://vuldb.com/?id.314456

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2025