CVE-2025-15404

MEDIUM

Campcodes School File Management System - Improper Access Control

Title source: rule
STIX 2.1

Description

A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

References (5)

Scores

CVSS v3 6.3
EPSS 0.0005
EPSS Percentile 14.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-284 CWE-434
Status published
Products (1)
campcodes/school_file_management_system 1.0
Published Jan 01, 2026
Tracked Since Feb 18, 2026