Remotely Exploitable Vulnerability in CodeAstro Real Estate Management System 1.0
CVE-2024-11000

7.2HIGH

Key Information:

Vendor: Codeastro
Status: Real Estate Management System
Vendor: CVE Published:; 8 November 2024

Badges

👾 Exploit Exists

What is CVE-2024-11000?

A vulnerability has been identified in the CodeAstro Real Estate Management System version 1.0, specifically within the /aboutedit.php component related to the About Us page. The vulnerability relates to an unregulated file upload process triggered by manipulating the 'aimage' argument. This issue can enable attackers to upload unauthorized files remotely, potentially leading to further exploitation opportunities within the system. Public disclosure of the exploit raises serious concerns about the risk it poses to users of the affected software.

Affected Version(s)

Real Estate Management System 1.0

References

https://vuldb.com/?id.283465

vdb-entrytechnical-description

https://vuldb.com/?ctiid.283465

signaturepermissions-required

https://vuldb.com/?submit.438603

third-party-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 8, 2024
👾
Exploit known to exist
Nov 8, 2024
Vulnerability published
Nov 8, 2024
Vulnerability Reserved
Nov 7, 2024

Credit

egsec (VulDB User)

Codeastro

Badges

What is CVE-2024-11000?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit