CampCodes School Management Software Improper Authorization Vulnerability in Staff Handler Component

Vulnerability

A critical vulnerability has been identified in CampCodes School Management Software version 1.0. The issue resides in the Staff Handler component, specifically within an unknown function of the file '/edit-staff/'. The flaw results in improper authorization and can be exploited remotely. The issue has been publicly disclosed and is associated with the Common Weakness Enumeration (CWE) identifiers CWE-285 and CWE-266.

Impact

Exploitation of this vulnerability could lead to unauthorized access to, and modification of, sensitive data, including super admin privileges, according to the advisory.

Reproduction

The vulnerability can be reproduced by accessing the '/edit-staff/' page without proper authorization. The lack of adequate authorization checks allows users to manipulate staff data and potentially escalate privileges to super admin.
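The missing checks described above map to two server-side decisions: whether the caller may use the staff edit handler at all (CWE-285) and whether the requested role change exceeds what the caller holds (CWE-266). The following sketch is an added example, not CampCodes code. The role names, field names, `Session` type and `authorize_staff_edit` function are assumptions made for illustration.

```python
# Added example: every name here is hypothetical, not taken from the product.
from dataclasses import dataclass
from typing import Optional

# Assumed role hierarchy; a higher number means more privilege.
ROLE_RANK = {"staff": 1, "admin": 2, "super_admin": 3}
MIN_EDIT_ROLE = "admin"  # assumed minimum role for the staff edit handler
ALLOWED_FIELDS = {"name", "email", "phone", "role"}  # assumed editable fields


@dataclass
class Session:
    user_id: int
    role: str


class Forbidden(Exception):
    """Raised when the caller may not perform the requested edit."""


def authorize_staff_edit(session: Optional[Session], target: dict,
                         changes: dict) -> dict:
    """Return the changes that may be applied, or raise Forbidden.

    Intended to run server-side on every request to the edit handler.
    """
    # CWE-285: no session or an unknown role is denied by default.
    if session is None or session.role not in ROLE_RANK:
        raise Forbidden("authentication required")
    caller = ROLE_RANK[session.role]
    if caller < ROLE_RANK[MIN_EDIT_ROLE]:
        raise Forbidden("role may not edit staff records")
    # A target with a missing or unknown role is treated as top rank
    # (fail closed), so callers cannot edit accounts above their own.
    top = max(ROLE_RANK.values())
    if ROLE_RANK.get(target.get("role"), top) > caller:
        raise Forbidden("target outranks caller")
    # CWE-266: a role change may not grant more than the caller holds.
    new_role = changes.get("role")
    if new_role is not None:
        if new_role not in ROLE_RANK or ROLE_RANK[new_role] > caller:
            raise Forbidden("cannot assign that role")
    # Only allow-listed fields are passed on to the storage layer.
    return {k: v for k, v in changes.items() if k in ALLOWED_FIELDS}
```
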

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 5.0
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.