CVE-2025-14219

MEDIUM

Campcodes Retro Basketball Shoes Online Store - Improper Access Control

Title source: rule

Description

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.334661

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.334661

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.701209

[Exploit, Issue Tracking, Mitigation, Third Party Advisory] https://github.com/yyue02/cve/issues/1

[Product] https://www.campcodes.com/

Scores

CVSS v3 4.7

EPSS 0.0008

EPSS Percentile 23.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284 CWE-434

Status published

Products (1)

campcodes/retro_basketball_shoes_online_store 1.0

Published Dec 08, 2025

Tracked Since Feb 18, 2026