CodeAstro Real Estate Management System SQL Injection Vulnerability in User Agent Deletion Endpoint
Vulnerability
A SQL injection vulnerability has been identified in CodeAstro Real Estate Management System version 1.0. The issue resides in the administrator endpoint '/admin/useragentdelete.php', where an unknown function improperly handles input, allowing attackers to manipulate SQL queries. This vulnerability can be exploited remotely, and an exploit is publicly available.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, access the '/admin/useragentdelete.php' endpoint with a crafted 'id' parameter that includes SQL injection payloads. The application does not properly sanitize this input, allowing the injection of malicious SQL that could be executed by the database.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.