Home

Description

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

PUBLISHED Reserved 2025-12-07 | Published 2025-12-08 | Updated 2026-02-24 | Assigner VulDB




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 4.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 4.7CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
5.8AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Unrestricted Upload

Improper Access Controls

Product status

1.0
affected

Timeline

2025-12-07:Advisory disclosed
2025-12-07:VulDB entry created
2025-12-11:VulDB entry last update

Credits

Yueyue (VulDB User) reporter

References

github.com/yyue02/cve/issues/1 exploit

vuldb.com/?id.334661 (VDB-334661 | Campcodes Retro Basketball Shoes Online Store admin_running.php unrestricted upload) vdb-entry technical-description

vuldb.com/?ctiid.334661 (VDB-334661 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.701209 (Submit #701209 | Campcodes Retro Basketball Shoes Online Store V1.0 Unrestricted Upload) third-party-advisory

github.com/yyue02/cve/issues/1 exploit issue-tracking

www.campcodes.com/ product

cve.org (CVE-2025-14219)

nvd.nist.gov (CVE-2025-14219)

Download JSON