VYPR
Medium severity4.7NVD Advisory· Published Nov 7, 2025· Updated Apr 29, 2026

CVE-2025-12873

CVE-2025-12873

Description

A security flaw has been discovered in Campcodes School File Management 1.0. This affects an unknown part of the file /admin/update_user.php. Performing manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:campcodes:school_file_management_system:1.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:campcodes:school_file_management_system:1.0:*:*:*:*:*:*:*
    • (no CPE)range: = 1.0

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.