CVE-2025-7151: Unrestricted Upload in Campcodes Advanced Online Voting System

Severity: Medium
Tags: Vulnerability, CVE-2025-7151, cve, cve-2025-7151
Published: Mon Jul 07 2025 (07/07/2025, 23:02:07 UTC)
Source: CVE Database V5
Vendor/Project: Campcodes
Product: Advanced Online Voting System

Description

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/voters_add.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 23:24:31 UTC

Technical Analysis

CVE-2025-7151 is an unrestricted file upload vulnerability in Campcodes Advanced Online Voting System version 1.0. It is reached through the 'photo' argument of the /admin/voters_add.php endpoint, which accepts uploaded files without proper validation or restriction, potentially enabling remote code execution or other malicious activities. According to the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L), the vulnerability is exploitable remotely and without user interaction, but it requires low privileges (PR:L). The CVSS 4.0 base score is 5.3, categorized as medium severity, reflecting limited impact on confidentiality, integrity, and availability, and the low-privilege requirement for exploitation. Although no public exploits are currently known in the wild, the vulnerability has been publicly disclosed, increasing the risk of exploitation. The unrestricted upload flaw could allow attackers to deploy web shells or malware, compromise the voting system's integrity, manipulate election data, or disrupt availability, undermining trust in the voting process. The vulnerability affects only version 1.0 of the product, and no official patches or mitigations have been linked yet.

Potential Impact

For European organizations, particularly those involved in electoral processes or civic engagement platforms using Campcodes Advanced Online Voting System 1.0, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access and manipulation of voter data, alteration of election results, or denial of service, thereby threatening democratic processes and public trust. Given the critical nature of election integrity in Europe, any compromise could have severe political and social consequences. Additionally, the presence of malicious files on election infrastructure could serve as a foothold for broader network compromise, potentially affecting other connected systems. Organizations relying on this software without timely mitigation may face regulatory scrutiny under GDPR for failing to protect personal data. The medium CVSS score suggests moderate risk, but the critical context of election systems elevates the potential impact beyond typical IT environments.

Mitigation Recommendations

Immediate mitigation steps include restricting access to the /admin/voters_add.php endpoint through network segmentation and strict access controls, limiting it to trusted administrative users and IP addresses. Implementing web application firewalls (WAFs) with rules to detect and block suspicious file uploads can reduce exploitation risk. Administrators should audit the server for any unauthorized files and monitor logs for unusual upload activity. Since no official patches are currently available, organizations should consider disabling the photo upload feature temporarily or replacing the vulnerable component with a more secure alternative. Additionally, where uploads are necessary, enforcing strict file type validation and size limits and scanning uploaded files for malware can mitigate risk. Regular backups and incident response plans tailored to election systems should be reviewed and updated to handle potential compromises. Finally, organizations should monitor threat intelligence feeds for any emerging exploits or patches related to CVE-2025-7151.
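The server audit and file type checks recommended above, as an added example (not code from this page or from Campcodes): it walks a directory that should hold only voter photos and flags anything that is not a plausible image. The allow-list, the 2 MiB limit, the function names and the sample files are assumptions; the page does not name the upload directory, so it is passed in as a parameter.

```python
import os

# Assumptions: photos may only be JPEG, PNG or GIF, at most 2 MiB each.
MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
         ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a")}
SCRIPT_PARTS = {"php", "php5", "phtml", "phar"}  # photo.php.jpg may still run as PHP
MAX_BYTES = 2 * 1024 * 1024


def check_photo(name, data):
    """Return the reasons a file does not belong in a photo-only directory."""
    reasons = []
    name = name.lower()
    ext = os.path.splitext(name)[1]
    if ext not in MAGIC:
        reasons.append("extension not on image allow-list")
    elif not data.startswith(MAGIC[ext]):
        reasons.append("content does not match extension")
    if SCRIPT_PARTS & set(name.split(".")[1:-1]):
        reasons.append("script extension inside file name")
    if len(data) > MAX_BYTES:
        reasons.append("larger than size limit")
    if b"<?php" in data.lower():
        reasons.append("embedded PHP open tag")
    return reasons


def audit_dir(root):
    """Map each suspicious file under root (relative path) to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                reasons = check_photo(fname, fh.read(MAX_BYTES + 1))
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


SAMPLES = {  # constructed name -> bytes, not taken from any real system
    "voter1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "voter2.jpg": b"\xff\xd8\xff\xe0<?php /* constructed */ ?>",
    "notes.php": b"<?php /* constructed */ ?>",
    "voter3.php.gif": b"GIF89a" + b"\x00" * 16,
}

if __name__ == "__main__":
    print({n: check_photo(n, b) or "ok" for n, b in SAMPLES.items()})
```

Anything audit_dir reports deserves manual review; a clean result only means no file failed these particular checks.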

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-07T05:54:47.255Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 686c53a56f40f0eb72edd2fb

Added to database: 7/7/2025, 11:09:25 PM

Last enriched: 7/7/2025, 11:24:31 PM

Last updated: 8/13/2025, 6:36:30 AM
