CVE-2025-14582

4.7 MEDIUM

📋 TL;DR

This vulnerability in campcodes Online Student Enrollment System 1.0 allows attackers to upload arbitrary files via the userphoto parameter in the admin interface. This affects all systems running the vulnerable version of this software. Remote attackers can potentially upload malicious files to compromise the system.

💻 Affected Systems

Products:
  • campcodes Online Student Enrollment System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the admin interface at /admin/index.php?page=user-profile

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through webshell upload leading to remote code execution, data theft, or server takeover.

🟠 Likely Case: Unauthorized file upload leading to defacement, data manipulation, or limited server access.

🟢 If Mitigated: File upload blocked or restricted to safe types only, preventing exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin access to reach the vulnerable endpoint

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.campcodes.com/

Restart Required: No

Instructions:

No official patch available. Consider implementing workarounds or replacing the software.

🔧 Temporary Workarounds

File Upload Restriction (all platforms)

Implement server-side validation to restrict uploaded file types to safe extensions only.

Web Application Firewall Rule (all platforms)

Block requests containing suspicious file upload patterns to /admin/index.php.
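The following is an added illustration of the "server-side validation" workaround, not code from campcodes or from the Online Student Enrollment System itself. It contrasts the extension-only check that typically fails (it never inspects the bytes) with a hardened validator that takes only the final extension, checks it against an allowlist, confirms the content's magic bytes agree with that extension, caps the size, and stores the file under a server-generated name so the client-supplied filename never reaches disk. The allowlist, size cap and sample payloads are constructed for the example; the real application would apply the same checks in PHP before saving the userphoto upload.

```python
import os
import secrets

# Allowed extensions mapped to the magic bytes the content must start with
# (constructed allowlist for a profile-photo upload; extend as needed).
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed 2 MiB cap for a profile photo


def weak_check(filename: str) -> bool:
    """Extension-only check on the client-supplied name.

    It never looks at the bytes, so any content is accepted as long as the
    name ends in an image extension. Shown here as the pattern to avoid.
    """
    return filename.lower().endswith(tuple("." + e for e in ALLOWED_TYPES))


def validate_upload(filename: str, data: bytes) -> tuple:
    """Hardened server-side validation for a photo upload.

    Returns (True, storage_name) when the upload is acceptable, otherwise
    (False, reason). The storage name is generated by the server, so double
    extensions and path components in the client name are never persisted.
    """
    if len(data) == 0:
        return False, "empty file"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    # Take only the final extension and normalise it: 'shell.php' -> 'php'.
    ext = os.path.splitext(os.path.basename(filename))[1].lstrip(".").lower()
    if ext not in ALLOWED_TYPES:
        return False, f"extension '{ext or '(none)'}' not allowed"
    # The declared extension must agree with the content's magic bytes;
    # a '.jpg' whose body is script source fails here.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, f"content does not match a {ext} image"
    # Server-chosen name: no double extensions, no separators, no collisions.
    storage_name = f"{secrets.token_hex(16)}.{ext}"
    return True, storage_name


# Constructed sample payloads for the demonstration (not real uploads).
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
JPEG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 32
SCRIPT_BYTES = b"<?php /* constructed non-image content */ ?>"

if __name__ == "__main__":
    samples = [
        ("photo.png", PNG_BYTES),        # legitimate image
        ("photo.jpg", SCRIPT_BYTES),     # image name, script body
        ("shell.php", SCRIPT_BYTES),     # wrong extension
        ("photo.php.jpg", JPEG_BYTES),   # double extension, real JPEG body
    ]
    for name, body in samples:
        print(f"{name:15} weak={weak_check(name)!s:5} hardened={validate_upload(name, body)}")
```

The fourth sample shows why renaming matters: a real JPEG named `photo.php.jpg` passes the content check, but it is saved as `<random>.jpg`, so a web server that interprets multiple extensions never sees the `.php` component. Pair this with an upload directory that has script execution disabled.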

🧯 If You Can't Patch

  • Restrict access to /admin/ directory to trusted IP addresses only
  • Implement file integrity monitoring on upload directories

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a file with a malicious extension (e.g., .php, .jsp) via the userphoto parameter at /admin/index.php?page=user-profile

Check Version:

Check the software version in the admin panel or application files

Verify Fix Applied:

Verify that only allowed file types can be uploaded and malicious extensions are rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /admin/index.php
  • Uploads of non-image file types via userphoto parameter

Network Indicators:

  • POST requests to /admin/index.php?page=user-profile with file uploads

SIEM Query:

source="web_logs" AND uri="/admin/index.php" AND method="POST" AND params CONTAINS "userphoto"
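As an added example of the detection logic above, here is the SIEM query expressed as a small script run over constructed log entries; it is not part of the original advisory and the JSON field names (`method`, `uri`, `query`, `files`, `src`) are assumptions about an application or WAF log that records upload parameters, since a plain web-server access log does not contain multipart field names. It mirrors the query (POST to /admin/index.php carrying a userphoto file) and then classifies each upload by the filename's extension so that non-image and double-extension uploads are raised as alerts while ordinary photo uploads stay informational.

```python
import json
import os

IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
TARGET_URI = "/admin/index.php"
TARGET_PARAM = "userphoto"

# Constructed JSON-lines log for the demonstration. Field names are
# assumptions; a real web, WAF or application log needs its own parser.
SAMPLE_LOG = """
{"ts":"2025-01-01T10:00:00Z","src":"203.0.113.5","method":"GET","uri":"/admin/index.php","query":{"page":"user-profile"},"status":200}
{"ts":"2025-01-01T10:00:05Z","src":"203.0.113.5","method":"POST","uri":"/admin/index.php","query":{"page":"user-profile"},"files":{"userphoto":"me.jpg"},"status":200}
{"ts":"2025-01-01T10:01:00Z","src":"198.51.100.7","method":"POST","uri":"/admin/index.php","query":{"page":"user-profile"},"files":{"userphoto":"cmd.php"},"status":200}
{"ts":"2025-01-01T10:02:00Z","src":"192.0.2.9","method":"POST","uri":"/admin/index.php","query":{"page":"user-profile"},"files":{"userphoto":"avatar.png.php"},"status":200}
{"ts":"2025-01-01T10:02:30Z","src":"192.0.2.9","method":"POST","uri":"/admin/index.php","query":{"page":"user-profile"},"files":{"userphoto":"pic.php.jpg"},"status":200}
{"ts":"2025-01-01T10:03:00Z","src":"192.0.2.9","method":"POST","uri":"/login.php","query":{},"status":302}
"""


def parse_log(text: str) -> list:
    """Parse JSON-lines text into a list of dict entries, skipping blanks."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            entries.append(json.loads(line))
    return entries


def classify_upload(filename: str) -> tuple:
    """Return (level, reason) for an uploaded filename.

    Anything that is not a single image extension is an alert: no extension,
    a non-image final extension, or several extensions on one name.
    """
    base = os.path.basename(filename).lower()
    exts = base.split(".")[1:]
    if not exts:
        return "alert", "no extension"
    if exts[-1] not in IMAGE_EXTENSIONS:
        return "alert", f"non-image extension .{exts[-1]}"
    if len(exts) > 1:
        return "alert", "multiple extensions ." + ".".join(exts)
    return "info", "image upload"


def detect_userphoto_uploads(entries: list) -> list:
    """Equivalent of the SIEM query: POST to the admin endpoint with a
    userphoto file, each finding tagged with the classification above."""
    findings = []
    for e in entries:
        if e.get("method") != "POST" or e.get("uri") != TARGET_URI:
            continue
        name = e.get("files", {}).get(TARGET_PARAM)
        if name is None:
            continue
        level, reason = classify_upload(name)
        findings.append({
            "ts": e.get("ts"),
            "src": e.get("src"),
            "page": e.get("query", {}).get("page"),
            "file": name,
            "level": level,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in detect_userphoto_uploads(parse_log(SAMPLE_LOG)):
        print(f"[{f['level'].upper():5}] {f['ts']} {f['src']} {f['file']}: {f['reason']}")
```

Because the endpoint requires admin access, every alert here also identifies which admin session or source address performed the upload, which is the first thing to pivot on during triage; correlate the finding with a file integrity monitor on the upload directory to confirm what was actually written.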
