CVE-2025-6422

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=save_settings of the component About Content Page. The manipulation of the argument img leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Published: Jun 22, 2025
Updated: Jun 26, 2025
CVE: CVE-2025-6422
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-284
CWE-434

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
campcodes / online_recruitment_management_system	1.0	1.0.x

https://github.com/Sp1d3rL1/CVE/issues/2
https://vuldb.com/?ctiid.313417
https://vuldb.com/?id.313417
https://vuldb.com/?submit.598211
https://www.campcodes.com/

Vulnerability Database

CVE-2025-6422

Deep Security Visibility Without the Complexity