CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Analysis
Campcodes Complete POS Management and Inventory System up to version 4.0.6 allows authenticated remote attackers to inject malicious input through the Environment Variable Handler in SettingsController.php, leading to information disclosure and potential system compromise. The vulnerability has publicly available exploit code and affects an undisclosed function handling environment variable manipulation, with moderate CVSS 6.3 severity driven by network-accessible attack surface and low attack complexity.
EUVD-2026-19069
GHSA-hffx-627q-p234