← Back to CVEs

CVE-2025-0849

MEDIUM

6.3

Description

A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE Details

CVSS v3.1 Score6.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published1/30/2025

Last Modified2/4/2025

Sourcenvd

Honeypot Sightings0

Affected Products

campcodes:school_management_software

Weaknesses (CWE)

CWE-266CWE-285

References

https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Sensitive%20Super%20Admin%20Data%20Exposure%20and%20Unauthorized%20Data%20Update%20via%20IDOR%20(Teacher%20Role%20to%20Super%20Admin%20Role).pdf(cna@vuldb.com)

https://vuldb.com/?ctiid.294012(cna@vuldb.com)

https://vuldb.com/?id.294012(cna@vuldb.com)

https://vuldb.com/?submit.487618(cna@vuldb.com)

https://www.campcodes.com/(cna@vuldb.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.