Aggregates CVE and security vulnerability intelligence across all Campcodes-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk sql injection, vendor risk cross-site scripting, and vendor risk path handling; exposure may include vendor impact session compromise in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-10826 | A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | [email protected] | 2.1 | 0.35% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10825 | A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. Affected is an unknown function of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | [email protected] | 2.1 | 0.35% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10817 | A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | [email protected] | 5.5 | 0.38% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10810 | A vulnerability was detected in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/edit_user.php. Performing manipulation of the argument firstname results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | [email protected] | 5.5 | 0.61% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10809 | A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. The affected element is an unknown function of the file /admin/department.php. Such manipulation of the argument d leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | [email protected] | 5.5 | 0.51% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10808 | A weakness has been identified in Campcodes Farm Management System 1.0. Impacted is an unknown function of the file /uploadProduct.php. This manipulation of the argument Type causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | [email protected] | 5.5 | 0.38% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10807 | A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | [email protected] | 2.1 | 0.35% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10806 | A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | [email protected] | 2.1 | 0.35% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10805 | A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. This affects an unknown part of the file /admin/add-services.php. Executing manipulation of the argument sername can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | [email protected] | 2.1 | 0.35% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10804 | A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Performing manipulation of the argument mobilenum results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | [email protected] | 2.1 | 0.35% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10786 | A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_user. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | [email protected] | 5.5 | 0.51% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10785 | A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown part of the file /manage_user.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | [email protected] | 5.5 | 0.51% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10784 | A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_subject.php. The manipulation of the argument subject_code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | [email protected] | 5.5 | 0.49% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10783 | A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_subject.php. Executing manipulation of the argument subject_code can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. | [email protected] | 5.5 | 0.38% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10782 | A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performing manipulation of the argument class_name results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. | [email protected] | 5.5 | 0.38% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10781 | A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such manipulation of the argument class_name leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | [email protected] | 5.5 | 0.38% | 2025-09-22 | 2026-06-17 |
| CVE-2025-10566 | A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=users. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | [email protected] | 2.1 | 0.32% | 2025-09-16 | 2026-06-17 |
| CVE-2025-10565 | A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_receiving. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | [email protected] | 5.5 | 0.39% | 2025-09-16 | 2026-06-17 |
| CVE-2025-10564 | A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_category. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | [email protected] | 5.5 | 0.39% | 2025-09-16 | 2026-06-17 |
| CVE-2025-10563 | A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_category. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.5 | 0.44% | 2025-09-16 | 2026-06-17 |