Login Sign Up

CVE-2025-13411

4.7 MEDIUM

📋 TL;DR

This vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 allows attackers to upload arbitrary files to the server via the product_image parameter in /admin/admin_football.php. This affects all installations of the software that have the vulnerable file accessible. Remote attackers can potentially upload malicious files like web shells to gain unauthorized access.

💻 Affected Systems

Products:
  • Campcodes Retro Basketball Shoes Online Store
Versions: 1.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Requires /admin/admin_football.php to be accessible

📦 What is this software?

Retro Basketball Shoes Online Store by Campcodes

View all CVEs affecting Retro Basketball Shoes Online Store →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through web shell upload leading to data theft, defacement, or ransomware deployment

🟠

Likely Case

Unauthorized file upload allowing web shell installation and subsequent server access

🟢

If Mitigated

File upload blocked or sanitized, preventing malicious file execution

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available on GitHub

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.campcodes.com/

Restart Required: No

Instructions:

No official patch available. Consider workarounds or alternative software.

🔧 Temporary Workarounds

Restrict admin access

all

Block access to /admin/admin_football.php file

# Apache: Add to .htaccess
<Files "admin_football.php">
    Order Deny,Allow
    Deny from all
</Files>
# Nginx: Add to server block
location ~ /admin/admin_football\.php$ {
    deny all;
    return 403;
}

Implement file upload validation

all

Add server-side validation for file uploads

# PHP example for file validation
$allowed_types = ['image/jpeg', 'image/png', 'image/gif'];
$max_size = 2097152; // 2MB

if (!in_array($_FILES['product_image']['type'], $allowed_types) || 
    $_FILES['product_image']['size'] > $max_size) {
    die('Invalid file');
}

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block file uploads to vulnerable endpoint
  • Monitor file system for unauthorized file creation in upload directories

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a non-image file via /admin/admin_football.php product_image parameter

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Test that file upload restrictions are properly enforced and only allowed file types are accepted

📡 Detection & Monitoring

Log Indicators:

  • File upload attempts to /admin/admin_football.php
  • Unusual file creations in upload directories
  • POST requests with file uploads to admin endpoints

Network Indicators:

  • HTTP POST requests to /admin/admin_football.php with multipart/form-data
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND uri="/admin/admin_football.php" AND method="POST" AND content_type="multipart/form-data"

📊 Metadata

CVE ID: CVE-2025-13411
CVSS v3 Score: 4.7 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-284
EPSS Score: 0.07% exploit probability (20.5th percentile)
Published: November 19, 2025
Last Updated: February 24, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-13411, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)