CVE-2025-14219

MEDIUM

Campcodes Retro Basketball Shoes Online Store - Improper Access Control

Title source: rule

Description

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

References (5)

[Exploit, Issue Tracking, Mitigation, Third Party Advisory] https://github.com/yyue02/cve/issues/1

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.334661

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.334661

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.701209

[Product] https://www.campcodes.com/

Scores

CVSS v3 4.7

EPSS 0.0006

EPSS Percentile 19.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-284 CWE-434

Status published

Affected Products (1)

campcodes/retro_basketball_shoes_online_store

Timeline

Published Dec 08, 2025

Tracked Since Feb 18, 2026