PT-2025-47530 · Unknown · Campcodes Retro Basketball Shoes Online Store
Laosiji · Published 2025-11-19 · Updated 2025-11-24 · CVE-2025-13411
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Campcodes Retro Basketball Shoes Online Store version 1.0
Description
A flaw exists that allows for unrestricted file uploads. This is possible through manipulation of the product image argument in the /admin/admin football.php file. The attack can be carried out remotely. The exploit has been publicly released.
Recommendations
Apply any available updates to address the unrestricted file upload issue in the /admin/admin football.php file.
As a temporary workaround, restrict access to the /admin/admin football.php file to authorized personnel only.
Avoid uploading untrusted files through the product image argument.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Related Identifiers
Affected Products
Campcodes Retro Basketball Shoes Online Store