CVE-2025-9794

A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
7.3 HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
campcodescomputer_sales_and_inventory_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Yuanwennnn/cve/issues/2
https://github.com/e1evensu/cve/issues/1
https://vuldb.com/?ctiid.322109
https://vuldb.com/?id.322109
https://vuldb.com/?submit.641103
https://vuldb.com/?submit.642559
https://www.campcodes.com/
https://github.com/Yuanwennnn/cve/issues/2
https://github.com/e1evensu/cve/issues/1