CVE-2025-9786

Name of the Vulnerable Software and Affected Versions Campcodes Online Learning Management System version 1.0

Description A SQL injection issue exists in Campcodes Online Learning Management System version 1.0. The issue is located in the /teacher signup.php file, within an unknown function. Manipulation of the firstname argument can trigger the SQL injection. The attack can be initiated remotely, and the exploit has been made public. Other parameters might also be affected.

Recommendations As a temporary workaround, consider restricting or disabling the use of the /teacher signup.php file until a fix is available. Sanitize the firstname parameter before using it in any database queries.