PT-2025-28271 · Campcodes · Campcodes Advanced Online Voting System

Y2Xsec

Published

2025-07-07

Updated

2025-07-07

CVE-2025-7151

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0

Description: A critical issue affects the processing of the file /admin/voters add.php, allowing unrestricted upload through the manipulation of the photo argument. This can be initiated remotely.

Recommendations: For Campcodes Advanced Online Voting System version 1.0, consider disabling the file /admin/voters add.php or restricting access to it until a fix is available. Avoid using the photo argument in the affected file to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2025-7151

Affected Products

Campcodes Advanced Online Voting System

PT-2025-28271 · Campcodes · Campcodes Advanced Online Voting System

CVE-2025-7151

Weakness Enumeration

Related Identifiers

Affected Products

References · 9