CVE-2025-9920
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| campcodes | online_recruitment_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9920 is a file inclusion vulnerability in Campcodes Recruitment Management System version 1.0, specifically in the /admin/index.php file. The vulnerability occurs because the application uses a user-controlled parameter named "page" to dynamically construct file paths for the PHP include() function without proper validation, filtering, or whitelisting. This allows an attacker to manipulate the "page" parameter to include arbitrary files, potentially leading to remote code execution or unauthorized access to sensitive data. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to remotely include arbitrary files on the server, which may lead to remote code execution, unauthorized access to sensitive information, and compromise of the system's confidentiality, integrity, and availability. Exploitation requires authentication with valid credentials but can be performed remotely. Attackers can also use publicly available exploits and techniques like Google dorking to identify vulnerable targets. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious requests targeting the vulnerable parameter 'page' in the /admin/index.php file. For example, you can look for HTTP GET requests containing unusual file paths or attempts to include local files. A simple detection method is to search web server logs for requests matching patterns like '/admin/index.php?page=' with suspicious values. Additionally, Google dorking with queries such as "inurl:admin/index.php" can help identify exposed vulnerable instances. Commands to detect such activity include using grep on web server logs: grep 'admin/index.php?page=' /var/log/apache2/access.log or similar. Monitoring for authentication attempts with default credentials (e.g., admin/admin123) may also help detect exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Implement strict validation and sanitization of the 'page' parameter to prevent arbitrary file inclusion. 2) Apply the Principle of Least Privilege (PoLP) to limit the permissions of the application and database users. 3) Deploy a Web Application Firewall (WAF) to detect and block malicious requests targeting this vulnerability. 4) Change default credentials to strong, unique passwords to prevent unauthorized access. 5) Monitor logs for suspicious activity to detect exploitation attempts early. 6) Regularly update and patch the application to incorporate security fixes. If possible, consider replacing the affected product with a secure alternative. [2, 3]