Campcodes Park Ticketing System CVE-2025-15214
LOWSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the argument name/ride results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used.
AnalysisAI
Stored cross-site scripting (XSS) in Campcodes Park Ticketing System 1.0 allows high-privileged users to inject malicious scripts via the name/ride parameter in the save_pricing function of admin_class.php, affecting user sessions with user interaction. Publicly available exploit code exists, though EPSS scoring (0.02%) and high privilege requirement (PR:H) suggest limited real-world exploitation likelihood despite the low CVSS score of 1.9.
Technical ContextAI
The vulnerability exists in a PHP-based ticketing system where the save_pricing function in admin_class.php fails to properly sanitize user-supplied input from the name/ride parameter before storing it in the application context. This is a classic reflected or stored XSS vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation) where unsanitized input is rendered back to users' browsers, enabling script injection. The attack vector is network-based and requires high administrative privileges and user interaction (clicking a malicious link), making this a server-side PHP application vulnerability typical of custom ticketing systems.
RemediationAI
No vendor-released patch identified at time of analysis. Primary remediation requires upgrading to a patched version if released by Campcodes; contact vendor at https://www.campcodes.com/ to request security updates. Immediate compensating controls include: (1) Implement strict input validation and output encoding for all user-supplied parameters in the save_pricing function-specifically HTML-encode the name/ride parameters before database storage and use parameterized queries; (2) Deploy Content Security Policy (CSP) headers to restrict inline script execution, mitigating stored XSS impact even if injection occurs; (3) Restrict admin_class.php access to known administrative IP ranges or require multi-factor authentication for administrative sessions, reducing the attack surface; (4) Apply Web Application Firewall (WAF) rules to detect and block XSS payloads in the name/ride parameters before they reach the application. Each mitigation has trade-offs: output encoding may affect legitimate display of special characters, CSP can break legitimate functionality if overly restrictive, IP restrictions reduce flexibility for remote administration, and WAF rules require maintenance as new XSS techniques emerge.
More from same product – last 7 days
Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to acce
Authenticated remote code execution in Discuz! X5.0 releases 20260320 through 20260501 allows administrators to chain a
Unauthenticated PHP Object Injection in the Happyforms WordPress plugin (versions <= 1.26.13) allows remote attackers to
Unauthenticated PHP Object Injection in the Broadcast Live Video WordPress plugin (versions prior to 7.1.3) allows remot
Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPFo
Share
External POC / Exploit Code
Leaving vuln.today