anonhaven
Ad

CVE-2026-5546

MEDIUM CVSS 4.0: 5.3
Updated Apr 05, 2026
Campcodes
Parameter Value
CVSS 5.3 (MEDIUM)
Type CWE-434 (Unrestricted File Upload), CWE-284 (Improper Access Control)
Vendor Campcodes
Public PoC No

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson of the file /application/models/Crud_model.php. This manipulation causes unrestricted upload.

It is possible to initiate the attack remotely. The exploit has been published and may be used.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-434 Unrestricted File Upload
CWE-284 Improper Access Control

Vulnerable Products

campcodes:complete online learning management system

References 5

https://github.com/whatyourname12345/CVE/tree/main/OLMS
cna@vuldb.com
https://vuldb.com/submit/782291
cna@vuldb.com
https://vuldb.com/vuln/355310
cna@vuldb.com
https://vuldb.com/vuln/355310/cti
cna@vuldb.com
https://www.campcodes.com/
cna@vuldb.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-0597

Campcodes

5.3

CVE-2025-15404

Campcodes

5.3

CVE-2025-15214

Campcodes

4.8

CVE-2025-15207

Campcodes

6.9

CVE-2025-15206

Campcodes

6.9