PT-2025-31097 · Campcodes · Campcodes Online Recruitment Management System
Description

Name of the Vulnerable Software and Affected Versions: Campcodes Online Recruitment Management System version 1.0

Description: A critical vulnerability exists in Campcodes Online Recruitment Management System. The vulnerability is due to a SQL injection flaw within an unknown functionality accessible through the /admin/ajax.php?action=save recruitment status API endpoint. Manipulation of the ID parameter allows for remote exploitation. The exploit has been publicly disclosed.

Recommendations: Apply input validation and sanitization to the ID parameter in the /admin/ajax.php?action=save recruitment status endpoint. Consider using parameterized queries or prepared statements to prevent SQL injection attacks. As a temporary workaround, restrict access to the /admin/ajax.php file to authorized personnel…
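
The recommendation above (validate the ID, then use a prepared statement), sketched as an added example that is not Campcodes code and does not come from this advisory. The table, column and function names are hypothetical, and PDO with an in-memory SQLite database stands in for the application's database layer.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: recruitment_status(id, status_label). The page does not
// show the application's code, so every name below is an assumption.

/** Return the ID as a positive integer, or null if it is anything else. */
function parse_id(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays such as id[]=1 never reach filter_var
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Update one row with bound parameters; input never becomes part of the SQL text. */
function save_status(PDO $db, mixed $rawId, string $label): bool
{
    $id = parse_id($rawId);
    $label = trim($label);
    if ($id === null || $label === '' || strlen($label) > 100) {
        return false; // reject outright rather than trying to clean the value
    }
    $stmt = $db->prepare(
        'UPDATE recruitment_status SET status_label = :label WHERE id = :id'
    );
    $stmt->bindValue(':label', $label, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE recruitment_status (id INTEGER PRIMARY KEY, status_label TEXT)');
$db->exec("INSERT INTO recruitment_status VALUES (1, 'New'), (2, 'Interview')");

var_dump(save_status($db, '2', 'Shortlisted'));  // well-formed ID: statement runs
var_dump(save_status($db, '2 OR 1=1', 'Hired')); // not an integer: no query issued
var_dump(save_status($db, ['2'], 'Hired'));      // array input: no query issued
print_r($db->query('SELECT * FROM recruitment_status')->fetchAll(PDO::FETCH_ASSOC));
```

The integer check and the bound parameters are independent layers: the check rejects malformed IDs early, and binding keeps any accepted value out of the SQL text.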
