CVE Alert: CVE-2025-9786 - Campcodes - Online Learning Management System

CVE-2025-9786

HIGHNo exploitation known

A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. Other parameters might be affected as well.

CVSS v3.1 (7.3)

Vendor

Campcodes

Product

Online Learning Management System

Versions

1.0

CWE

CWE-89, SQL Injection

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Published

2025-09-01T15:32:07.126Z

Updated

2025-09-01T15:32:07.126Z

References

https://vuldb.com/?id.322102

https://vuldb.com/?ctiid.322102

https://vuldb.com/?submit.640996

https://github.com/wyyyxxxx1017/CVE/issues/6

https://www.campcodes.com/

AI Summary Analysis

Risk verdict

High risk: remote, unauthenticated SQL injection with a public PoC makes exploitation feasible; urgent patching warranted.

Why this matters

Campcodes’ LMS stores sensitive educational data; an injection could disclose or alter records, or enable administrator-level access via sign-up workflow manipulation. With a public exploit, opportunistic attackers may target multiple deployments, increasing the likelihood of data exposure or service disruption.

Most likely attack path

Remote, unauthenticated access (AV:N, PR:N, UI:N) to the /teacher_signup.php endpoint.
Crafted input in firstname (and possibly other parameters) injects SQL, leading to data leakage or modification.
Since Scope is unchanged, impacts stay within the product; no requirement for user interaction or elevated privileges, facilitating quick preliminary access but limited by L- impact on confidentiality, integrity, and availability.

Who is most exposed

Publicly reachable LMS installations, particularly in education environments using default or unpatched Campcodes deployments on common LAMP stacks or shared hosting.

Detection ideas

SQL error messages or DIGEST-like database errors in responses or logs.
Abnormal firstname payloads containing quotes, comments, or tautologies (e.g., OR 1=1).
Surge of sign-up requests with suspicious or malformed parameters.
Anomalous DB query patterns or slow queries tied to signup endpoints.
WAF logs showing SQLi-like patterns targeting /teacher_signup.php.

Mitigation and prioritisation

Apply vendor patch or upgrade beyond 1.0; ensure the signup flow uses parameterised queries.
Implement input validation and prepared statements; sanitise or escape all user-supplied data.
Disable verbose error messages; monitor and alert on SQL error indicators; enable SQLi-focused WAF rules.
Restrict access to the signup endpoint behind authentication or rate limits; audit logs for anomalies.
Change-management: test fixes in staging, communicate risk to stakeholders, schedule rapid deployment.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: campcodes, CVE, cve-2025-9786, online-learning-management-system, OSINT, threatintel