CVE-2025-14219
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-08

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-08
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14219
EUVD
EUVD-2025-201667
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
campcodes retro_basketball_shoes_online_store 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Campcodes Retro Basketball Shoes Online Store 1.0, specifically in an unknown function within the file /admin/admin_running.php. It involves manipulation of the argument product_image, which can lead to unrestricted file upload. This means an attacker can remotely upload files without restriction, potentially allowing malicious files to be placed on the server.

Impact Analysis

The vulnerability can allow an attacker to remotely upload arbitrary files to the server, which may lead to unauthorized access, data modification, or disruption of service. This can compromise the integrity, confidentiality, and availability of the affected system.

Detection Guidance

Detection can be performed by monitoring for anomalous HTTP POST requests to /admin/admin_running.php that include file uploads, especially those containing PHP code or unusual file extensions like .php or .php3. You can also look for requests with suspicious Content-Type headers that do not match the actual file content. Commands to detect such activity include using web server logs to grep for POST requests to the vulnerable endpoint and scanning upload directories for unexpected PHP files. For example, on a Linux server: 1) grep 'POST /admin/admin_running.php' /var/log/apache2/access.log 2) find /var/www/html/uploads/ -type f -name '*.php' 3) grep -r --include='*.php' 'eval(base64_decode' /var/www/html/uploads/ Additionally, deploying Endpoint Detection and Response (EDR) tools to detect unauthorized PHP execution and monitoring for AntSword client activity can help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include: 1) Blocking PHP script uploads by configuring the web server to deny execution of .php files in the upload directory (e.g., using Apache <FilesMatch> directives or Nginx configuration to disable PHP execution in /uploads/). 2) Adding Web Application Firewall (WAF) rules to detect and block payloads associated with AntSword webshells, such as POST parameters containing eval(base64_decode) patterns. 3) Enhancing file upload validation by restricting allowed file extensions to safe image types (.jpg, .png), verifying file MIME types and content using functions like getimagesize() or fileinfo, and renaming uploaded files with UUIDs stored outside web-accessible directories. 4) Monitoring for suspicious requests and deploying EDR solutions to detect unauthorized PHP execution. If possible, consider replacing the affected product with a secure alternative. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14219. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart