CVE-2025-0341

A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:campcodes:computer_laboratory_management_system:1.0:*:*:*:*:*:*:*

History

04 Mar 2025, 19:30

Type Values Removed Values Added
First Time Campcodes
Campcodes computer Laboratory Management System
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en CampCodes Computer Laboratory Management System 1.0. Este problema afecta a algunas funciones desconocidas del archivo /class/edit/edit. La manipulación del argumento e_photo permite la carga sin restricciones. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse.
CPE cpe:2.3:a:campcodes:computer_laboratory_management_system:1.0:*:*:*:*:*:*:*
References () https://github.com/shaturo1337/POCs/blob/main/Remote%20Code%20Execution%20via%20Arbitrary%20File%20Upload%20in%20Computer%20Laboratory%20Management%20System.md - () https://github.com/shaturo1337/POCs/blob/main/Remote%20Code%20Execution%20via%20Arbitrary%20File%20Upload%20in%20Computer%20Laboratory%20Management%20System.md - Exploit
References () https://vuldb.com/?ctiid.290828 - () https://vuldb.com/?ctiid.290828 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.290828 - () https://vuldb.com/?id.290828 - Permissions Required, VDB Entry
References () https://vuldb.com/?submit.476884 - () https://vuldb.com/?submit.476884 - Third Party Advisory, VDB Entry
References () https://www.campcodes.com/ - () https://www.campcodes.com/ - Product

09 Jan 2025, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-09 08:15

Updated : 2025-03-04 19:30


NVD link : CVE-2025-0341

Mitre link : CVE-2025-0341

CVE.ORG link : CVE-2025-0341


JSON object : View

Products Affected

campcodes

  • computer_laboratory_management_system
CWE
CWE-284

Improper Access Control

CWE-434

Unrestricted Upload of File with Dangerous Type