CVE-2025-9794

Campcodes Computer Sales and Inventory System pos_transac.php sql injection

Description

A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well.

INFO

Published Date :

2025-09-01T20:32:07.651Z

Last Modified :

2025-09-02T15:08:44.126Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2025-9794 vulnerability.

Vendors	Products
Campcodes	Computer Sales And Inventory System Sales And Inventory System

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9794.

URL	Resource
https://github.com/Yuanwennnn/cve/issues/2
https://github.com/e1evensu/cve/issues/1
https://vuldb.com/?ctiid.322109
https://vuldb.com/?id.322109
https://vuldb.com/?submit.641103
https://vuldb.com/?submit.642559
https://www.campcodes.com/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact