PT-2025-38686 · Unknown · Campcodes Online Learning Management System
Zzb2
·
Published
2025-09-22
·
Updated
2025-09-27
·
CVE-2025-10783
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Campcodes Online Learning Management System version 1.0
Description:
A weakness exists in Campcodes Online Learning Management System that may allow for remote SQL injection. The issue is related to the manipulation of the
subject code argument within the /admin/add subject.php file. The exploit has been made publicly available.Recommendations:
As a temporary workaround, consider restricting access to the
/admin/add subject.php file until a fix is available.
Sanitize the subject code argument to prevent SQL injection attacks.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Campcodes Online Learning Management System