PT-2025-51028 · Unknown · Campcodes Online Student Enrollment System
Joajoa
·
Published
2025-12-12
·
Updated
2025-12-22
·
CVE-2025-14582
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
campcodes Online Student Enrollment System version 1.0
Description
A flaw exists in campcodes Online Student Enrollment System that allows for unrestricted file upload. This issue affects the file '/admin/index.php?page=user-profile' and involves manipulation of the
userphoto argument. The attack can be initiated remotely. The exploit is publicly available.Recommendations
Apply a fix to address the unrestricted file upload issue in the affected file.
Restrict access to the vulnerable file '/admin/index.php?page=user-profile'.
Sanitize or validate the
userphoto argument to prevent unrestricted file uploads.
As a temporary workaround, consider disabling the affected functionality until a patch is available.Exploit
Fix
Improper Access Control
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Campcodes Online Student Enrollment System