CVE-2024-10999

A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://codeastro.com/ Product
https://github.com/EmilGallajov/zero-day/blob/main/codeastro_real_estate_ms_authenticated_rce.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.283464 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.283464 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:surajkumarvishwakarma:real_estate_management_system:1.0:*:*:*:*:*:*:*

History

13 Nov 2024, 01:05

Type Values Removed Values Added
First Time Surajkumarvishwakarma
Surajkumarvishwakarma real Estate Management System
CPE cpe:2.3:a:surajkumarvishwakarma:real_estate_management_system:1.0:*:*:*:*:*:*:*
CVSS v2 : 5.8
v3 : 4.7
v2 : 5.8
v3 : 7.2
References () https://codeastro.com/ - () https://codeastro.com/ - Product
References () https://github.com/EmilGallajov/zero-day/blob/main/codeastro_real_estate_ms_authenticated_rce.md - () https://github.com/EmilGallajov/zero-day/blob/main/codeastro_real_estate_ms_authenticated_rce.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.283464 - () https://vuldb.com/?ctiid.283464 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.283464 - () https://vuldb.com/?id.283464 - Third Party Advisory, VDB Entry

08 Nov 2024, 19:01

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como problemática en CodeAstro Real Estate Management System 1.0. Se ve afectada una función desconocida del archivo /aboutadd.php del componente About Us Page. La manipulación del argumento aimage permite la carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.

08 Nov 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-08 08:15

Updated : 2024-11-13 01:05


NVD link : CVE-2024-10999

Mitre link : CVE-2024-10999

CVE.ORG link : CVE-2024-10999


JSON object : View

Products Affected

surajkumarvishwakarma

  • real_estate_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-284

Improper Access Control