A vulnerability was found in Campcodes Point of Sale System POS 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection.

This vulnerability is reported as CVE-2025-10857. The attack is possible to be carried out remotely. Moreover, an exploit is present.