PT-2025-29383 · Campcodes · Campcodes Sales/Inventory System
Daojie Zhao
·
Published
2025-07-13
·
Updated
2025-07-13
·
CVE-2025-7538
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Campcodes Sales and Inventory System version 1.0
Description:
A critical vulnerability exists in Campcodes Sales and Inventory System that allows for unrestricted file upload. The vulnerability affects unknown code within the
/pages/product update.php file. Exploitation occurs through manipulation of the image argument, enabling remote attacks. The exploit has been publicly disclosed.Recommendations:
Campcodes Sales and Inventory System version 1.0: Restrict access to the
/pages/product update.php file or sanitize the image argument to prevent unrestricted uploads.Exploit
Fix
Improper Access Control
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Campcodes Sales/Inventory System