CVE-2025-5059
Unrestricted upload vulnerability in Campcodes Online Shopping Portal 1.0
Overview
A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. It allows unrestricted file upload, which can lead to various potential exploits. The attack can be initiated remotely, and the exploit details have been disclosed to the public.
Technical Details
The vulnerability affects an unknown part of the file /admin/edit-subcategory.php. Manipulating arguments such as productimage1, productimage2 or productimage3 leads to unrestricted upload.
CVSS Metrics
- CVSS score: 5.1
- Severity: MEDIUM
- Attack vector: NETWORK
- Attack complexity: LOW
- Attack requirements: NONE
- Privileges required: HIGH
- User interaction: NONE
- Confidentiality impact (vulnerable system): LOW
- Integrity impact (vulnerable system): LOW
- Availability impact (vulnerable system): LOW
Impact
Unrestricted upload can allow an attacker to upload malicious scripts, which could lead to various potential exploits such as code execution and data exposure.
Recommendations
Validate and sanitize all user inputs before handling them. Regularly update and patch the software to the latest version.
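A server-side check of the kind this recommendation calls for, applied to the productimage1, productimage2 and productimage3 upload fields. This is an added example, not Campcodes code or a vendor patch; the storage directory, size limit and the function name store_product_image are assumptions.

```php
<?php
// Added example, not the application's own code. UPLOAD_DIR, MAX_BYTES and
// store_product_image() are assumptions made for illustration.
const ALLOWED_TYPES = [            // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES  = 2 * 1024 * 1024;
// Assumed to be served as static files only (no PHP execution in this directory).
const UPLOAD_DIR = '/var/www/shopping/productimages';

function store_product_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Type comes from the file content, never from $file['type'] or $file['name'],
    // both of which are supplied by the client.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null || @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image type');
    }
    // Content checks can be fooled by polyglot files, so the stored name is
    // generated server-side and its extension comes only from the allow-list.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

$stored = [];
foreach (['productimage1', 'productimage2', 'productimage3'] as $field) {
    if (!isset($_FILES[$field]) || $_FILES[$field]['error'] === UPLOAD_ERR_NO_FILE) {
        continue;                  // field left empty in the form
    }
    try {
        $stored[$field] = store_product_image($_FILES[$field]);
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Rejected ' . $field . ': ' . $e->getMessage());
    }
}
```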