Platform: php
Component: campcodes-complete-online-learning-management-system
Fixed in: 1.0.1
CVE-2026-5546 describes an unrestricted file upload vulnerability discovered in Campcodes Complete Online Learning Management System. This flaw allows attackers to upload arbitrary files to the server, potentially leading to malicious code execution and system compromise. The vulnerability affects versions 1.0.0 through 1.0 of the software, and an exploit is publicly available, increasing the risk of exploitation. No official patch has been released at the time of publication.
A critical vulnerability has been identified in Campcodes Complete Online Learning Management System version 1.0, cataloged as CVE-2026-5546. This security flaw resides in the 'addlesson' function within the file '/application/models/Crudmodel.php' and enables unrestricted file uploads. A remote attacker can exploit this vulnerability to upload malicious files to the server, potentially compromising the integrity and confidentiality of data. The publication of a functional exploit significantly increases the risk of successful attacks. Because no official fix is available, users must take immediate steps to mitigate the risk.
The CVE-2026-5546 vulnerability is exploited through the 'addlesson' function in the Crudmodel.php model. An attacker can send a malicious HTTP request designed to bypass security validations and upload arbitrary files. The availability of a public exploit facilitates the execution of this attack, even for users with limited technical expertise. The potential impact includes remote code execution, modification of sensitive data, and server takeover. The remote nature of the exploitation means the attacker does not need physical access to the affected system.
Exploit Status
EPSS: 0.01% (2% percentile)
Because the developer has not provided an official fix, immediate mitigation means disabling Campcodes Complete Online Learning Management System or upgrading to a secure version, if one is available. As a temporary measure, restricting access to the '/application/models/Crud_model.php' file via a firewall or access rules is recommended. Regular vulnerability scanning and monitoring of server activity for signs of intrusion are also crucial. System administrators are advised to carefully review server logs for any suspicious activity related to file uploads.
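The log review recommended above can be partly automated. The following is an added example, not code from the vendor or from this advisory; the `/uploads/` prefix, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: uploaded lesson files are served from this URL prefix; adjust per deployment.
UPLOAD_PREFIX = "/uploads/"
# Extensions a PHP-enabled server may execute, matched anywhere in the file name so
# double extensions such as "slides.php.jpg" are flagged too.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)
# Common/combined access log format.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Apr/2026:10:01:12 +0000] "GET /uploads/lesson1.pdf HTTP/1.1" 200 48211
203.0.113.9 - - [10/Apr/2026:10:02:40 +0000] "POST /index.php HTTP/1.1" 200 512
203.0.113.9 - - [10/Apr/2026:10:02:44 +0000] "GET /uploads/notes.php HTTP/1.1" 200 17
192.0.2.15 - - [10/Apr/2026:10:05:03 +0000] "GET /uploads/slides.PHP.jpg?x=1 HTTP/1.1" 404 196
198.51.100.7 - - [10/Apr/2026:10:06:00 +0000] "GET /uploads/php-intro.pdf HTTP/1.1" 200 9000
""".splitlines()


def find_suspicious(lines, upload_prefix=UPLOAD_PREFIX):
    """Flag requests for script-like files under the upload path."""
    posted = set()  # clients that sent a POST earlier in the log
    findings = []
    for number, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = unquote(m["path"].split("?", 1)[0])
        name = path.rsplit("/", 1)[-1]
        if path.startswith(upload_prefix) and SCRIPT_EXT.search(name):
            findings.append({
                "line": number, "ip": m["ip"], "path": path,
                # 200 means the server answered for the file instead of rejecting it
                "served": m["status"] == "200",
                "client_posted_before": m["ip"] in posted,
            })
        if m["method"] == "POST":
            posted.add(m["ip"])
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true on a path that should only ever hold documents or media is a reason to inspect the upload directory on disk.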
Update the Campcodes Complete Online Learning Management System plugin to the latest available version to mitigate the unrestricted upload vulnerability. Verify and properly configure file and directory permissions to prevent unauthorized access. Implement robust server-side validation for all uploaded files.
It's a unique identifier for this security vulnerability, used to track and reference it in security reports and databases.
Disable the system or look for an updated version as soon as possible. Implement temporary security measures like restricting access to the vulnerable file.
Currently, there is no official fix provided by the developer. Monitor the developer's website for updates.
Restrict access to the vulnerable file, implement a firewall, perform vulnerability scans, and monitor server logs.
An attacker can upload any type of file, including executable files, which could allow malicious code to be executed on the server.