CVE-2025-4735 – Campcodes Sales and Inventory System Unrestricted File Upload Vulnerability

May 16, 2025

CVE ID : CVE-2025-4735

Published : May 16, 2025, 2:15 a.m. | 1 hour, 8 minutes ago

Description : A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/product.php. The manipulation of the argument Picture leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4736 – PHPGurukul Daily Expense Tracker SQL Injection Vulnerability

Next Article CVE-2025-4734 – Campcodes Sales and Inventory System SQL Injection

Highlights

CVE-2025-4377 – Sparx Systems Pro Cloud Server Path Traversal

May 9, 2025

CVE ID : CVE-2025-4377

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server.

This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem.

Logview is accessible on Pro Cloud Server Configuration interface.

This issue affects Pro Cloud Server: earlier than 6.0.165.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Building a culture that will drive platform engineering success

Gartner: More than 40% of agentic AI projects will be canceled in the next few years

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

“Using AI is no longer optional” — Did Microsoft just make Copilot mandatory for its staff as a critical performance metric?

June report 2025

June report 2025

Make your JS functions smarter and cleaner with default parameters

Best Home Interiors in Hyderabad – Top Designers & Affordable Packages

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

CVE-2025-4735 – Campcodes Sales and Inventory System Unrestricted File Upload Vulnerability

Google fixes fourth actively exploited Chrome zero-day of 2025

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)

Can your phone last 10 years? Back Market and iFixit want to make it happen – here’s how

Distribution Release: Rocky Linux 9.6

Valve reveals new SteamOS Compatibility system for Non-Steam Decks like Legion Go S SteamOS — 18,000+ titles expected “out of the gate”

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal

CVE-2025-4377 – Sparx Systems Pro Cloud Server Path Traversal

CVE-2025-28380 – OpenC3 COSMOS XSS

LinkAce is a self-hosted archive to collect links of websites

CVE-2025-23260 – NVIDIA AIStore Kubernetes ClusterRole Escalation of Privilege

CVE-2025-4735 – Campcodes Sales and Inventory System Unrestricted File Upload Vulnerability

Related Posts