CVE-2026-5561 | Campcodes Complete POS Management and Inventory System up to 4.0.6 Environment Variable SettingsController.php injection

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability labeled as critical has been found in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection.

This vulnerability is registered as CVE-2026-5561. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-5561 | Campcodes Complete POS Management and Inventory System up to 4.0.6 Environment Variable SettingsController.php injection

Post correlati

CVE-2025-25992 | FeMiner wms 1.0 inquire_inout_item.php sql injection (Issue 19)

CVE-2025-53416 | Delta Electronics DTN Soft up to 2.1.0 Project File Parser deserialization

CVE-2024-33892 | Cosy+ prior 21.2s10/22.1s3 permission

CVE-2024-30442 | BoldThemes Bold Page Builder Plugin up to 4.8.0 on WordPress cross site scripting