CVE-2025-14889

Published: Dec 18, 2025Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

Affected (1)

Products: Campcodes: Advanced Voting Management System

1 product

Advanced Voting Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Campcodes Advanced Voting Management System	Version 1.0

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (5)

https://gist.github.com/nikstudy576-maker/82e1e1ede9b848880aa09b87b92bc22c

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.337378

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.337378

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.715643

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.campcodes.com/

Source: cna@vuldb.com

Product

Timeline

No history available yet.