CVE-2026-5546: Campcodes LMS Unrestricted Upload - v1.0
Platform
php
Component
campcodes-complete-online-learning-management-system
CVE-2026-5546 describes an unrestricted file upload vulnerability discovered in Campcodes Complete Online Learning Management System. This flaw allows attackers to upload arbitrary files to the server, potentially leading to malicious code execution and system compromise. The vulnerability affects versions 1.0.0 through 1.0 of the software, and an exploit is publicly available, increasing the risk of exploitation. No official patch has been released at the time of publication.
How to fix
Actualice el plugin Campcodes Complete Online Learning Management System a la última versión disponible para mitigar la vulnerabilidad de carga no restringida. Verifique y configure adecuadamente los permisos de los archivos y directorios para evitar accesos no autorizados. Implemente validaciones robustas en el lado del servidor para todos los archivos cargados.
Frequently asked questions
What is CVE-2026-5546?
CVE-2026-5546 is a vulnerability in Campcodes Complete Online Learning Management System that allows attackers to upload any type of file to the server without restriction. This is due to a flaw in the add_lesson function within the Crud_model.php file.
Am I affected by CVE-2026-5546?
You are affected if you are using Campcodes Complete Online Learning Management System version 1.0.0 through 1.0. Because an exploit is publicly available, it is crucial to address this vulnerability immediately.
How can I fix CVE-2026-5546?
No official patch is currently available for CVE-2026-5546. Consider implementing temporary mitigation strategies, such as restricting file uploads to specific types and sizes, and closely monitoring your system for suspicious activity.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free