CVE Alert: CVE-2025-10817 – Campcodes – Online Learning Management System
CVE-2025-10817
A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Manipulation of the argument firstname can lead to SQL injection. The attack may be launched remotely. The exploit has been made available to the public and could be used.
AI Summary Analysis
Risk verdict
High risk with an active public PoC and remote, unauthenticated SQL injection targeting the admin area; remediation should be prioritised urgently.
Why this matters
Exploitation can lead to data exfiltration or modification of user records and may enable privilege escalation within the LMS. The attacker’s goal could include credential access, data integrity disruption, or downtime of admin functions, harming trust and compliance.
Most likely attack path
Exploitation requires only network access to the web application, with no user interaction or credentials. A publicly available PoC increases the likelihood of automated scanners or opportunistic attackers compromising the admin endpoint and querying or altering the backend database, with potential lateral movement limited by the application’s scope.
Who is most exposed
Publicly reachable deployments of the LMS, especially those on exposed or misconfigured hosting (shared/cloud), are at greatest risk; smaller education organisations are typically affected due to limited security controls around admin interfaces.
Detection ideas
- Unusual input in the firstname parameter (e.g., SQL syntax patterns) followed by SQL errors on the admin endpoint.
- Increased error messages or abnormal DB exceptions in app/web server logs following admin requests.
- Web Application Firewall alerts for SQLi patterns on admin URLs.
- Sudden spikes in failed or blocked admin-access attempts.
- IOC patterns from PoC signatures or rapid payload variability in related logs.
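As an added example (not part of the original alert or the vendor's code), the first two detection ideas applied to constructed Apache-style access-log lines: it scopes to the admin endpoint path named in the advisory, decodes the firstname query value, and flags only values that combine a quote with SQL keywords or comment markers, so an apostrophe in a legitimate name does not fire. It assumes the parameter arrives in a GET query string; request bodies are not present in access logs.

```python
import re
from urllib.parse import urlparse, parse_qs

# Endpoint and parameter named in the advisory.
VULN_PATH = "/admin/admin_user.php"
VULN_PARAM = "firstname"

# Conservative SQLi indicators: each needs more than a lone quote, so a
# legitimate value such as O'Brien does not trigger an alert.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I),  # quote + tautology
    re.compile(r"union\s+(all\s+)?select", re.I),         # UNION-based probe
    re.compile(r"(--|#|/\*)\s*$"),                       # trailing comment marker
    re.compile(r";\s*(drop|update|delete|insert)\s", re.I),  # stacked statement
]

# Request line and status code from Apache combined log format.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample log lines (not real traffic); the 500s mimic DB errors.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [01/Oct/2025:10:00:01 +0000] "GET /admin/admin_user.php?firstname=Alice HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Oct/2025:10:00:02 +0000] "GET /admin/admin_user.php?firstname=Alice%27%20OR%201%3D1--%20 HTTP/1.1" 500 0 "-" "python-requests/2.31"',
    '10.0.0.7 - - [01/Oct/2025:10:00:03 +0000] "GET /admin/admin_user.php?firstname=x%27%20UNION%20SELECT%20NULL--%20 HTTP/1.1" 500 0 "-" "python-requests/2.31"',
    '10.0.0.11 - - [01/Oct/2025:10:00:04 +0000] "GET /admin/admin_user.php?firstname=O%27Brien HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Oct/2025:10:00:05 +0000] "GET /index.php?firstname=x%27%20UNION%20SELECT%201--%20 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
])


def find_suspicious(log_text: str, path: str = VULN_PATH, param: str = VULN_PARAM) -> list[dict]:
    """Return one record per request to `path` whose `param` value matches an SQLi indicator."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlparse(m.group("target"))
        if url.path != path:  # only the vulnerable admin endpoint
            continue
        # parse_qs percent-decodes and handles repeated parameters.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            matched = [p.pattern for p in SQLI_PATTERNS if p.search(value)]
            if matched:
                hits.append({"ip": line.split()[0], "status": int(m.group("status")),
                             "value": value, "patterns": matched})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Pair the hits with the status column: repeated 5xx responses from one source on this endpoint corroborate the second detection idea (DB errors following admin requests).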
Mitigation and prioritisation
- Apply vendor patch or upgrade to a fixed version; if unavailable, implement strong input validation and parameterised queries.
- Restrict admin access by IP allowlists and enforce MFA for administrators.
- Strengthen web app hardening; enable SQLi protections in WAF; monitor and log admin activity intensively.
- Deploy compensating controls if patching is slow; plan urgent update in the next change window.
- Note: KEV presence or EPSS ≥ 0.5 would trigger “treat as priority 1” (data not provided here; verify).