CVE-2024-7944

A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been classified as critical. Affected is the function UpdateDocumentsRequest of the file DocumentsController.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/DeepMountains/zzz/blob/main/CVE2-2.md Technical Description
https://vuldb.com/?ctiid.275136 Permissions Required
https://vuldb.com/?id.275136 Third Party Advisory
https://vuldb.com/?submit.393372 Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:adonesevangelista:laravel_property_management_system:1.0:*:*:*:*:*:*:*

History

21 Aug 2024, 15:24

Type Values Removed Values Added
First Time Adonesevangelista laravel Property Management System
Adonesevangelista
Summary
  • (es) Se encontró una vulnerabilidad en su código fuente Laravel Property Management System 1.0. Ha sido clasificada como crítica. La función UpdateDocumentsRequest del archivo DocumentsController.php es afectada por la vulnerabilidad. La manipulación conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 8.8
CPE cpe:2.3:a:adonesevangelista:laravel_property_management_system:1.0:*:*:*:*:*:*:*
References () https://github.com/DeepMountains/zzz/blob/main/CVE2-2.md - () https://github.com/DeepMountains/zzz/blob/main/CVE2-2.md - Technical Description
References () https://vuldb.com/?ctiid.275136 - () https://vuldb.com/?ctiid.275136 - Permissions Required
References () https://vuldb.com/?id.275136 - () https://vuldb.com/?id.275136 - Third Party Advisory
References () https://vuldb.com/?submit.393372 - () https://vuldb.com/?submit.393372 - Issue Tracking

20 Aug 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-20 02:15

Updated : 2024-08-21 15:24


NVD link : CVE-2024-7944

Mitre link : CVE-2024-7944

CVE.ORG link : CVE-2024-7944


JSON object : View

Products Affected

adonesevangelista

  • laravel_property_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type