CVE-2024-0543

A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250713 was assigned to this vulnerability.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:codeastro:real_estate_management_system:*:*:*:*:*:*:*:*

History

22 Jan 2024, 20:44

Type Values Removed Values Added
References () https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing - () https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing - Exploit
References () https://vuldb.com/?ctiid.250713 - () https://vuldb.com/?ctiid.250713 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.250713 - () https://vuldb.com/?id.250713 - Third Party Advisory
First Time Codeastro real Estate Management System
Codeastro
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:codeastro:real_estate_management_system:*:*:*:*:*:*:*:*

15 Jan 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-15 06:15

Updated : 2024-05-17 02:34


NVD link : CVE-2024-0543

Mitre link : CVE-2024-0543

CVE.ORG link : CVE-2024-0543


JSON object : View

Products Affected

codeastro

  • real_estate_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')