CVE-2025-0213 – Campcodes Project Management System update_forms.php unrestricted upload

https://notcve.org/view.php?id=CVE-2025-0213

04 Jan 2025 — A vulnerability was found in Campcodes Project Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forms/update_forms.php?action=change_pic2&id=4. The manipulation of the argument file leads to unrestricted upload. • https://github.com/shaturo1337/POCs/blob/main/Remote%20Code%20Execution%20via%20Arbitrary%20File%20Upload%20in%20Project%20Management%20System.md • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •