CVE-2025-11079

Exploit

EPSS 0.84%
Veröffentlicht 27.09.2025 21:15:28
Zuletzt bearbeitet 03.10.2025 15:00:13
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Campcodes Farm Management System file information disclosure

A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this issue is some unknown functionality. The manipulation results in file and directory information exposure. The attack may be performed from remote. The exploit has been released to the public and may be exploited.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 3 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Campcodes ≫ Farm Management System Version1.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.84%	0.529

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	5.5	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

https://www.campcodes.com/

Product

https://github.com/unicorn33355/cve/issues/1

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.326119

VDB Entry

Permissions Required

https://vuldb.com/?id.326119

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.661199

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2025-11079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-11079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-11079

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-11079