CVE-2025-6935 – Campcodes Sales and Inventory System SQL Injection

June 30, 2025

CVE ID : CVE-2025-6935

Published : July 1, 2025, 12:15 a.m. | 1 hour, 24 minutes ago

Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/payment_add.php. The manipulation of the argument cid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6936 – Simple Pizza Ordering System SQL Injection

Next Article CVE-2025-6932 – D-Link DCS-7517 Hard-Coded Password Vulnerability

Highlights

CVE-2025-49584 – XWiki Information Disclosure Vulnerability

June 13, 2025

CVE ID : CVE-2025-49584

Published : June 13, 2025, 6:15 p.m. | 2 hours, 43 minutes ago

Description : XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known can be accessed through the REST API as long as an XClass with a page property is accessible, this is the default for an XWiki installation. This allows an attacker to get titles of pages whose reference is known, one title per request. This doesn’t affect fully private wikis as the REST endpoint checks access rights on the XClass definition. The impact on confidentiality depends on the strategy for page names. By default, page names match the title, so the impact should be low but if page names are intentionally obfuscated because the titles are sensitive, the impact could be high. This has been fixed in XWiki 16.4.7, 16.10.3 and 17.0.0 by adding access control checks before getting the title of any page.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

June 2025: All AI updates from the past month

Building a culture that will drive platform engineering success

Gartner: More than 40% of agentic AI projects will be canceled in the next few years

Never Stop Exploring (July 2025 Wallpapers Edition)

I never thought I’d praise a kickstand power bank – until I tried this one

I replaced my work PC with this Alienware laptop – now I’m wondering why I hadn’t done this sooner

How to set up Alexa to receive notifications on Prime Day deals you want

How proxy servers actually work, and why they’re so valuable

Top 6 MySQL Database Management Struggles for Laravel Developers (And Smart Fixes)

Top 6 MySQL Database Management Struggles for Laravel Developers (And Smart Fixes)

What’s the difference between named functions and arrow functions in JavaScript?

Spring Boot + Swagger: A Complete Guide to API Documentation

Relive the Golden Era: 5 Tools to Get Retro Feel on Linux

Relive the Golden Era: 5 Tools to Get Retro Feel on Linux

mpvc – mpc-like CLI tool for mpv

sherpa-onnx is speech-to-text and text-to-speech software

CVE-2025-6935 – Campcodes Sales and Inventory System SQL Injection

CVE-2025-6554 – Google Chrome V8 Type Confusion Vulnerability

CVE-2025-6930 – PHPGurukul Zoo Management System SQL Injection Vulnerability

From GenAI Demos to Production: Why Structured Workflows Are Essential

CVE-2025-33043 – APTIOV BIOS Improper Input Validation Vulnerability

How to preorder the new Surface Pro and Surface Laptop

SEIKO EPSON Printer Vulnerabilities Let Attackers Execute Arbitrary Code

CVE-2025-49584 – XWiki Information Disclosure Vulnerability

Why DNS Security Is Your First Defense Against Cyber Attacks?

Going beyond AI assistants: Examples from Amazon.com reinventing industries with generative AI

CVE-2025-53318 – WPManiax WP DB Booster Missing Authorization Vulnerability

CVE-2025-6935 – Campcodes Sales and Inventory System SQL Injection

Related Posts