CVE-2025-9920

Published: Sep 3, 2025Modified: Apr 29, 2026

2.0

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

Affected (1)

Products: Campcodes: Online Recruitment Management System

1 product

Online Recruitment Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Campcodes Online Recruitment Management System	Version 1.0

Related CWEs

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (6)

https://github.com/chenjunjie3/cve/issues/7

Source: cna@vuldb.com

ExploitIssue Tracking

https://vuldb.com/?ctiid.322321

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.322321

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.642407

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.campcodes.com/

Source: cna@vuldb.com

Product

https://github.com/chenjunjie3/cve/issues/7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitIssue Tracking

Timeline

No history available yet.