Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Campcodes Complete POS Management and Inventory System: Environment Variable Injection
CVE-2026-5561
Summary
The Campcodes Complete POS Management and Inventory System is vulnerable to an environment variable injection attack. This means that an attacker could potentially inject malicious data into the system, allowing them to access unauthorized information or compromise the system's security. We recommend updating to a fixed version to mitigate this risk.
Original title
A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the...
Original description
A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-707
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026