CVE-2026-5561

MEDIUM CVSS 6.3 View on NVD ↗

Description

A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

https://github.com/whatyourname12345/CVE/blob/main/POS/cve.md
https://vuldb.com/submit/782934
https://vuldb.com/vuln/355331
https://vuldb.com/vuln/355331/cti
https://www.campcodes.com/

Published: Apr 05, 2026 11:16 UTC Modified: Apr 05, 2026 11:16 UTC