CVE-2025-14582

Published: Dec 12, 2025Modified: Apr 29, 2026

2.0

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing a manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used.

Affected (1)

Products: Campcodes: Online Student Enrollment System

1 product

Online Student Enrollment System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Campcodes Online Student Enrollment System	Version 1.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

https://github.com/CHENCHOUCHOU/vuln/issues/2

Source: cna@vuldb.com

ExploitIssue TrackingMitigationThird Party Advisory

https://vuldb.com/?ctiid.336202

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.336202

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.705524

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.714164

Source: cna@vuldb.com

https://www.campcodes.com/

Source: cna@vuldb.com

Product

Timeline

No history available yet.