All the vulnerabilities related to CampCodes - Computer Laboratory Management System
cve-2025-0341
Vulnerability from cvelistv5
Published
2025-01-09 07:31
Modified
2025-01-09 15:24
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
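A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Note that "critical" is the wording of the CNA's description: the CVSS scores listed above rate the issue Medium and require low privileges (PR:L), while the record's references title it as remote code execution via arbitrary file upload (CWE-434). The record lists only version 1.0 as affected and carries no reference tagged as a patch.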
References
| URL | Tags |
|---|---|
| https://vuldb.com/?id.290828 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.290828 | signature, permissions-required |
| https://vuldb.com/?submit.476884 | third-party-advisory |
| https://github.com/shaturo1337/POCs/blob/main/Remote%20Code%20Execution%20via%20Arbitrary%20File%20Upload%20in%20Computer%20Laboratory%20Management%20System.md | exploit |
| https://www.campcodes.com/ | product |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| CampCodes | Computer Laboratory Management System | 1.0 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0341", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-09T15:24:03.887882Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-09T15:24:23.618Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Computer Laboratory Management System", "vendor": "CampCodes", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "John Correche (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "Eine kritische Schwachstelle wurde in CampCodes Computer Laboratory Management System 1.0 entdeckt. Betroffen davon ist ein unbekannter Prozess der Datei /class/edit/edit. Durch Beeinflussen des Arguments e_photo mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
} ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "Unrestricted Upload", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Controls", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-09T07:31:05.715Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-290828 | CampCodes Computer Laboratory Management System edit unrestricted upload", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.290828" }, { "name": "VDB-290828 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.290828" }, { "name": "Submit #476884 | CampCodes Computer Laboratory Management System 1.0 RCE via Arbitrary File Upload", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.476884" }, { "tags": [ "exploit" ], "url": "https://github.com/shaturo1337/POCs/blob/main/Remote%20Code%20Execution%20via%20Arbitrary%20File%20Upload%20in%20Computer%20Laboratory%20Management%20System.md" }, { "tags": [ "product" ], "url": "https://www.campcodes.com/" } ], "timeline": [ { "lang": "en", "time": "2025-01-08T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2025-01-08T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": 
"2025-01-08T18:59:47.000Z", "value": "VulDB entry last update" } ], "title": "CampCodes Computer Laboratory Management System edit unrestricted upload" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2025-0341", "datePublished": "2025-01-09T07:31:05.715Z", "dateReserved": "2025-01-08T17:54:40.315Z", "dateUpdated": "2025-01-09T15:24:23.618Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-0342
Vulnerability from cvelistv5
Published
2025-01-09 07:31
Modified
2025-01-09 15:13
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
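A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The record's references describe the issue as stored cross-site scripting (CWE-79), and the CVSS 3.x vectors listed above require low privileges and user interaction (PR:L, UI:R). The record lists only version 1.0 as affected and carries no reference tagged as a patch.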
References
| URL | Tags |
|---|---|
| https://vuldb.com/?id.290829 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.290829 | signature, permissions-required |
| https://vuldb.com/?submit.476897 | third-party-advisory |
| https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Computer%20Laboratory%20Management%20System.md | exploit |
| https://www.campcodes.com/ | product |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| CampCodes | Computer Laboratory Management System | 1.0 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0342", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-09T15:13:06.056514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-09T15:13:22.417Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Computer Laboratory Management System", "vendor": "CampCodes", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "John Correche (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." }, { "lang": "de", "value": "Es wurde eine problematische Schwachstelle in CampCodes Computer Laboratory Management System 1.0 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /class/edit/edit. Dank der Manipulation des Arguments s_lname mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
} ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross Site Scripting", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "Code Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-09T07:31:07.686Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-290829 | CampCodes Computer Laboratory Management System edit cross site scripting", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.290829" }, { "name": "VDB-290829 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.290829" }, { "name": "Submit #476897 | CampCodes Computer Laboratory Management System 1.0 Stored Cross-Site Scripting (XSS)", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.476897" }, { "tags": [ "exploit" ], "url": "https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Computer%20Laboratory%20Management%20System.md" }, { "tags": [ "product" ], "url": "https://www.campcodes.com/" } ], "timeline": [ { "lang": "en", "time": "2025-01-08T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2025-01-08T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2025-01-08T18:59:48.000Z", "value": "VulDB 
entry last update" } ], "title": "CampCodes Computer Laboratory Management System edit cross site scripting" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2025-0342", "datePublished": "2025-01-09T07:31:07.686Z", "dateReserved": "2025-01-08T17:54:42.602Z", "dateUpdated": "2025-01-09T15:13:22.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }