CVE-2025-14583
BaseFortify
Publication date: 2025-12-12
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| campcodes | online_student_enrollment_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the campcodes Online Student Enrollment System 1.0, specifically in the /admin/register.php file. It allows an attacker to manipulate the 'photo' argument to upload files without restriction. This can be exploited remotely and the exploit has already been published.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to upload arbitrary files remotely, potentially leading to unauthorized access, data compromise, or system takeover. This could disrupt the enrollment system's operations and compromise sensitive student data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring for suspicious file uploads and web requests. Specifically, look for POST requests to /admin/register.php containing file uploads with PHP extensions or payloads including patterns like 'eval(base64_decode'. Commands to detect such activity include using web server logs to grep for suspicious uploads, e.g., `grep -iE '\.(php|php3|php5|phtml)$' /var/log/apache2/access.log` or `grep -i 'eval(base64_decode' /var/log/apache2/access.log`. Additionally, monitoring for POST parameters starting with Base64 encoded 'eval' strings (e.g., 'a=ZXZ') can help detect AntSword webshell communication. Using tools like a Web Application Firewall (WAF) or Endpoint Detection and Response (EDR) solutions to detect execution of PHP files in upload directories is also recommended. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include blocking uploads of PHP scripts via web server configuration, for example, in Apache: `<FilesMatch "\.(php|php3|php5|phtml)$"> Require all denied </FilesMatch>`. Adding WAF rules to detect and block payloads containing 'eval(base64_decode' or POST parameters starting with Base64 encoded 'eval' strings is advised. Additionally, configure upload directories to be non-executable to prevent execution of uploaded scripts. Monitoring and logging suspicious requests and deploying EDR tools to detect PHP execution in upload folders are also recommended as immediate defenses. [3]