Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson of the file /application/models/Crud_model.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used.
AnalysisAI
Unrestricted file upload in Campcodes Complete Online Learning Management System 1.0 allows authenticated remote attackers to upload arbitrary files via the add_lesson function in /application/models/Crud_model.php, enabling potential remote code execution or malware deployment. The vulnerability requires low-privilege authentication, carries a CVSS score of 6.3 (medium), and publicly available exploit code exists.
Technical ContextAI
The vulnerability resides in the add_lesson function within Crud_model.php, a PHP-based model file handling lesson creation in the Campcodes learning management system. The root cause is CWE-434 (Unrestricted Upload of File with Dangerous Type), indicating insufficient validation or filtering of uploaded file types, names, or contents. Attackers with authenticated access can bypass file upload restrictions by crafting malicious requests that deliver executable files (such as PHP shells) to the server. The attack vector is network-based with low complexity, requiring only valid authentication credentials.
RemediationAI
Organizations should immediately update Campcodes Complete Online Learning Management System to a patched version released after version 1.0. Specific patched version numbers are not provided in available data; consult https://www.campcodes.com/ for the latest security release. As an interim workaround, restrict access to the /application/models/Crud_model.php endpoint and the add_lesson function via web server access controls, limit LMS user registration to trusted accounts only, and monitor /var/www/html (or equivalent upload directory) for unexpected executable files. Implement strict file type validation on the server side, verify that .php and other executable extensions cannot be uploaded or executed in user-accessible directories, and enforce Content-Disposition: attachment headers on file downloads. Leverage the published exploit code (available at https://github.com/whatyourname12345/CVE/tree/main/OLMS) to validate that mitigations are in place before patching is possible.
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Rated critical severity (C
Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers
Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re
Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1
NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection thro
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19040
GHSA-hmqj-h9pm-wq53