CVE-2025-9750 is a SQL Injection vulnerability identified in version 1.0 of the Campcodes Online Learning Management System (LMS). The flaw exists in the /admin/login.php file, specifically through manipulation of the 'Username' parameter. This vulnerability allows an unauthenticated attacker to remotely inject malicious SQL code into the backend database queries without requiring any user interaction or privileges. The injection can lead to unauthorized data access, modification, or deletion, potentially compromising the confidentiality, integrity, and availability of the LMS data. The vulnerability has a CVSS 4.0 base score of 6.9, categorized as medium severity, reflecting the ease of exploitation (network accessible, no authentication or user interaction needed) but with limited impact scope (low to medium impact on confidentiality, integrity, and availability). Although no known exploits are currently observed in the wild, the public release of exploit code increases the risk of active exploitation. The LMS is typically used by educational institutions to manage course content, user accounts, and administrative functions, making it a valuable target for attackers seeking to disrupt educational services or steal sensitive user data.

For European organizations, particularly educational institutions and training providers using Campcodes LMS version 1.0, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to student and staff personal information, course materials, and administrative credentials. This could result in data breaches violating GDPR regulations, leading to legal and financial penalties. Additionally, attackers could manipulate or delete critical educational data, disrupting learning activities and institutional operations. The remote and unauthenticated nature of the attack vector increases the likelihood of exploitation, potentially affecting multiple institutions if the LMS is widely deployed. The medium severity rating suggests that while the vulnerability is serious, the overall impact might be contained if proper network segmentation and monitoring are in place. However, the public availability of exploit code necessitates immediate attention to prevent compromise.

Organizations should immediately assess their use of Campcodes LMS version 1.0 and prioritize upgrading to a patched version once available. In the absence of an official patch, implement the following mitigations: 1) Employ Web Application Firewalls (WAFs) configured to detect and block SQL injection patterns targeting the /admin/login.php endpoint, especially focusing on the 'Username' parameter. 2) Restrict network access to the LMS admin interface by IP whitelisting or VPN access to reduce exposure. 3) Conduct input validation and sanitization at the application layer to neutralize malicious SQL payloads. 4) Monitor logs for unusual login attempts or SQL error messages indicative of injection attempts. 5) Regularly back up LMS databases and test restoration procedures to minimize data loss impact. 6) Educate administrators about the vulnerability and encourage prompt reporting of suspicious activities. These targeted actions go beyond generic advice by focusing on the specific vulnerable component and attack vector.