CVE-2026-5546 - Vulnerability Details

- Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted upload

Description

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson of the file /application/models/Crud_model.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used.

Published: 2026-04-05

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Campcodes Complete Online Learning Management System version 1.0 contains a flaw in the add_lesson function of Crud_model.php that allows an attacker to upload arbitrary files to the server. This vulnerability is a classic example of improper access control and unrestricted file upload, as indicated by CWE-284 and CWE-434. Successfully exploiting it can enable an attacker to place malicious scripts or binaries on the platform, potentially leading to remote code execution or further compromise of the system's confidentiality and integrity.

Affected Systems

The affected system is Campcodes Complete Online Learning Management System, version 1.0.

Risk and Exploitability

The CVSS score of 5.3 suggests moderate severity, and the exploit has been published, indicating that attackers could target the application over the network. Although no EPSS score is available and the vulnerability is not listed in the KEV catalog, the remote nature of the attack and the presence of a published exploit increase the likelihood of real‑world exploitation. The attack vector is inferred to be a remote web request that submits a file through the add_lesson interface, requiring no additional privileges beyond access to the upload form.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Campcodes

Complete Online Learning Management System

affected

Version	Status	Constraints
`1.0`	affected	—

No data.

Vendor Product Confidence Versions

Campcodes

Complete Online Learning Management System

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check Campcodes for an official security update or patch
If a patch is available, apply it to the installed instance
Configure the web server to accept only allowed file types and sizes for uploads
Deploy a Web Application Firewall rule to block suspicious upload patterns
Enable detailed logging for upload attempts and regularly review logs for abnormal activity

Generated by OpenCVE AI on April 5, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/whatyourname12345/CVE/tree/main/OLMS
https://vuldb.com/submit/782291
https://vuldb.com/vuln/355310
https://vuldb.com/vuln/355310/cti
https://www.campcodes.com/

History

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Campcodes Campcodes complete Online Learning Management System
Vendors & Products		Campcodes Campcodes complete Online Learning Management System

Mon, 06 Apr 2026 16:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 05 Apr 2026 07:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson of the file /application/models/Crud_model.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Title		Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted upload
Weaknesses		CWE-284 CWE-434
References		https://github.com/whatyourname12345/CVE/tree/main/OLMS https://vuldb.com/submit/782291 https://vuldb.com/vuln/355310 https://vuldb.com/vuln/355310/cti https://www.campcodes.com/
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Campcodes Complete Online Learning Management System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-05T06:00:18.525Z

Updated: 2026-04-06T15:30:41.756Z

Reserved: 2026-04-04T13:20:26.506Z

Link: CVE-2026-5546

Vulnrichment

Updated: 2026-04-06T15:30:37.932Z

NVD

Status : Deferred

Published: 2026-04-05T07:16:01.407

Modified: 2026-04-24T18:14:34.620

Link: CVE-2026-5546

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:57:08Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object