{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9786","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-01T09:27:51.528Z","datePublished":"2025-09-01T15:32:07.126Z","dateUpdated":"2025-09-02T18:39:17.541Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-01T15:32:07.126Z"},"title":"Campcodes Online Learning Management System teacher_signup.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"Campcodes","product":"Online Learning Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. Other parameters might be affected as well."},{"lang":"de","value":"In Campcodes Online Learning Management System 1.0 wurde eine Schwachstelle gefunden. Es geht um eine nicht näher bekannte Funktion der Datei /teacher_signup.php. Durch Manipulation des Arguments firstname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-01T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-01T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-01T11:32:55.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"wyx_02 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.322102","name":"VDB-322102 | Campcodes Online Learning Management System teacher_signup.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.322102","name":"VDB-322102 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.640996","name":"Submit #640996 | Campcodes Online Learning Management System V1.0 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/wyyyxxxx1017/CVE/issues/6","tags":["exploit","issue-tracking"]},{"url":"https://www.campcodes.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-02T18:26:17.408830Z","id":"CVE-2025-9786","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-02T18:39:17.541Z"}}]}}