Campcodes Online Hotel Reservation System edit_room.php unrestricted upload

July 31, 2025 invoker category_cve

CVE Details

Basic Information

Title	Campcodes Online Hotel Reservation System edit_room.php unrestricted upload
Type	cve
Published	2025-07-31T10:32:05.716Z
Modified	2025-07-31T10:32:05.716Z

Product Information

Vendor	Campcodes
Product	Online Hotel Reservation System
Version	1.0

CVSS Information

Base Score	5.1 (MEDIUM)
Attack Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected Products

Campcodes Online Hotel Reservation System 1.0

Additional Information

CWE List	CWE-434, CWE-284
Source	VulDB

Description

A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References

https://vuldb.com/?id.318357
https://vuldb.com/?ctiid.318357
https://vuldb.com/?submit.624817
https://github.com/XiaoJiesecqwq/sql/issues/2
https://www.campcodes.com/

View Full CVE Details