CVE-2025-13423

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Executing manipulation of the argument product_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been published and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
4.7 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
campcodesretro_basketball_shoes_online_store
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Abxery/cveee/issues/6
https://vuldb.com/?ctiid.332945
https://vuldb.com/?id.332945
https://vuldb.com/?submit.696051
https://www.campcodes.com/
https://github.com/Abxery/cveee/issues/6