CVE-2025-10416

A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_supplier. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
References
Link Resource
https://github.com/zzb1388/cve/issues/79 Exploit Third Party Advisory Issue Tracking
https://vuldb.com/?ctiid.323850 Permissions Required VDB Entry
https://vuldb.com/?id.323850 Third Party Advisory VDB Entry
https://vuldb.com/?submit.646972 Third Party Advisory VDB Entry
https://www.campcodes.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:campcodes:grocery_sales_and_inventory_system:1.0:*:*:*:*:*:*:*

History

18 Sep 2025, 19:44

Type Values Removed Values Added
References () https://github.com/zzb1388/cve/issues/79 - () https://github.com/zzb1388/cve/issues/79 - Exploit, Third Party Advisory, Issue Tracking
References () https://vuldb.com/?ctiid.323850 - () https://vuldb.com/?ctiid.323850 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.323850 - () https://vuldb.com/?id.323850 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.646972 - () https://vuldb.com/?submit.646972 - Third Party Advisory, VDB Entry
References () https://www.campcodes.com/ - () https://www.campcodes.com/ - Product
CPE cpe:2.3:a:campcodes:grocery_sales_and_inventory_system:1.0:*:*:*:*:*:*:*
First Time Campcodes grocery Sales And Inventory System
Campcodes

15 Sep 2025, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-09-15 00:15

Updated : 2025-09-18 19:44


NVD link : CVE-2025-10416

Mitre link : CVE-2025-10416

CVE.ORG link : CVE-2025-10416


JSON object : View

Products Affected

campcodes

  • grocery_sales_and_inventory_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')