CVE Alert: CVE-2025-10414 – Campcodes – Grocery Sales and Inventory System

CVE-2025-10414

Severity: HIGH | No exploitation known | PoC observed

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The affected component is an unknown function in the file /ajax.php?action=save_customer. Manipulating the argument ID results in SQL injection. The attack can be carried out remotely. The exploit has been made public and could be used.

CVSS v3.1 score: 7.3
Vendor: Campcodes
Product: Grocery Sales and Inventory System
Versions: 1.0
CWE: CWE-89, SQL Injection
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Published: 2025-09-14T22:32:07.174Z
Updated: 2025-09-15T17:17:54.827Z

AI Summary Analysis

Risk verdict

Why this matters

Most likely attack path

Who is most exposed

Detection ideas

  • Logs showing SQL error messages or unusual query patterns from ajax.php
  • Repeated, anomalous requests to save_customer with abnormal ID values
  • Spikes in database query latency or data volume from the endpoint
  • WAF/IPS alerts for SQLi payloads targeting the endpoint
  • Unusual access patterns from unfamiliar IPs
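The first two detection ideas can be turned into a simple log check. The script below is an added example, not code from the advisory or from the Campcodes project: it parses access log lines in Apache combined format (an assumption; the advisory does not say what logging the deployment has), picks out requests to /ajax.php?action=save_customer, and flags any whose id argument is not a plain integer, any 5xx response from that endpoint, and any client that triggers such findings repeatedly. The parameter name `id` is an assumption based on the advisory's "argument ID"; the sample log lines are constructed for the example.

```python
"""Access-log check for the save_customer endpoint described in CVE-2025-10414.

Added example. Assumes Apache combined log format and that the affected
argument is passed in the query string as ``id``; the advisory confirms
neither, so adjust both to the deployment being monitored.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines (not from any real server). Two benign requests,
# two with a non-numeric id from the same client, one unrelated request.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Sep/2025:10:01:02 +0000] "POST /ajax.php?action=save_customer HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Sep/2025:10:01:05 +0000] "GET /ajax.php?action=save_customer&id=42 HTTP/1.1" 200 128 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Sep/2025:10:02:11 +0000] "GET /ajax.php?action=save_customer&id=42%27 HTTP/1.1" 500 0 "-" "curl/8.0"
198.51.100.7 - - [15/Sep/2025:10:02:12 +0000] "GET /ajax.php?action=save_customer&id=42%20OR%201%3D1 HTTP/1.1" 200 128 "-" "curl/8.0"
192.0.2.33 - - [15/Sep/2025:10:03:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Apache combined format: ip ident user [time] "method target protocol" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

TARGET_PATH = "/ajax.php"          # file named in the advisory
TARGET_ACTION = "save_customer"    # action named in the advisory
NUMERIC_ID = re.compile(r"^\d+$")  # what a legitimate id should look like


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs percent-decodes values, so %27 becomes a literal quote here.
    rec["query"] = parse_qs(parts.query, keep_blank_values=True)
    rec["status"] = int(rec["status"])
    return rec


def is_save_customer(rec):
    """True if the request targets the affected endpoint."""
    return rec["path"] == TARGET_PATH and rec["query"].get("action") == [TARGET_ACTION]


def check_record(rec):
    """Return the reasons a request to the endpoint is suspicious (empty if none)."""
    reasons = []
    if not is_save_customer(rec):
        return reasons
    for value in rec["query"].get("id", []):
        if not NUMERIC_ID.match(value):
            reasons.append(f"non-numeric id {value!r}")
    if rec["status"] >= 500:
        reasons.append(f"server error {rec['status']} from endpoint")
    return reasons


def analyse(log_text, repeat_threshold=2):
    """Scan a log; return (findings, set of IPs with >= repeat_threshold findings)."""
    findings = []
    per_ip = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = check_record(rec)
        if reasons:
            per_ip[rec["ip"]] += 1
            findings.append({"ip": rec["ip"], "ts": rec["ts"],
                             "status": rec["status"], "reasons": reasons})
    repeat_offenders = {ip for ip, n in per_ip.items() if n >= repeat_threshold}
    return findings, repeat_offenders


if __name__ == "__main__":
    found, offenders = analyse(SAMPLE_LOG)
    for f in found:
        print(f["ts"], f["ip"], f["status"], "; ".join(f["reasons"]))
    print("repeat offenders:", sorted(offenders))
```

One caveat a practitioner should keep in mind: if the application sends the id in a POST body rather than the query string, an access log never records it, and only the 5xx and request-rate signals above remain; the parameter itself would then have to be checked at the web server or WAF layer, or in the application's own query logging.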

Mitigation and prioritisation

  • Apply vendor patch or upgrade to a fixed version; if unavailable, implement strong input validation and parameterised queries (prepared statements)
  • Implement IP/auth controls around the endpoint; disable direct access where feasible
  • Enable WAF rules to block SQLi attempts; monitor for exfiltration indicators
  • Harden DB access: least privilege accounts, separate web app DB user, rotate credentials
  • Test in staging before production changes; ensure reliable backups and a rollback plan
