CVE-2025-10817 is a SQL Injection vulnerability identified in version 1.0 of the Campcodes Online Learning Management System (LMS). The vulnerability exists in the /admin/admin_user.php file, specifically through manipulation of the 'firstname' parameter. An attacker can remotely exploit this flaw without any authentication or user interaction, by injecting malicious SQL code into the 'firstname' argument. This can lead to unauthorized access to the backend database, allowing the attacker to read, modify, or delete sensitive data stored within the LMS. The vulnerability has a CVSS 4.0 base score of 6.9, categorized as medium severity. The vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The exploit code has been publicly disclosed, increasing the risk of exploitation, although no confirmed active exploitation in the wild has been reported yet. The lack of a patch or mitigation guidance from the vendor at this time increases the urgency for organizations to implement compensating controls. Given the nature of SQL Injection, attackers could potentially extract user credentials, manipulate course data, or disrupt LMS operations, impacting both administrators and end users.

For European organizations using Campcodes LMS 1.0, this vulnerability poses significant risks to data confidentiality, integrity, and availability. Educational institutions, training providers, and corporate learning departments relying on this LMS could face unauthorized disclosure of personal data, including student and staff information, violating GDPR and other privacy regulations. Integrity of course content and user records could be compromised, undermining trust and operational continuity. Availability impacts could disrupt learning activities, causing reputational damage and operational delays. Since the vulnerability requires no authentication and can be exploited remotely, attackers from anywhere could target European LMS deployments. The public availability of exploit code increases the likelihood of opportunistic attacks, especially against organizations slow to apply mitigations. The medium severity rating suggests moderate but tangible risk, particularly for organizations with sensitive or regulated data. Failure to address this vulnerability could lead to regulatory penalties, loss of user trust, and potential financial losses due to operational disruption or data breaches.

1. Immediate mitigation should include implementing Web Application Firewall (WAF) rules to detect and block SQL injection attempts targeting the 'firstname' parameter in /admin/admin_user.php. 2. Conduct thorough input validation and sanitization on all user-supplied data, especially the 'firstname' field, to ensure only expected characters and formats are accepted. 3. Employ parameterized queries or prepared statements in the backend code to prevent SQL injection. 4. Restrict access to the /admin/ directory by IP whitelisting or VPN-only access to reduce exposure. 5. Monitor logs for unusual database queries or repeated failed attempts targeting the vulnerable parameter. 6. Engage with the vendor for patches or updates and prioritize applying them once available. 7. Perform a security audit of the LMS environment to identify any signs of compromise or data exfiltration. 8. Educate administrators on the risks and signs of exploitation to enable prompt incident response. 9. Consider isolating the LMS environment or deploying additional network segmentation to limit lateral movement in case of compromise.