ScriptAndTools Real Estate Management System Unrestricted File Upload Vulnerability Leading to Remote Code Execution
Vulnerability
A vulnerability allowing unrestricted file upload has been identified in ScriptAndTools Real Estate Management System version 1.0. The issue resides in the register.php file, where the uimage argument can be manipulated to upload malicious files. This vulnerability can be exploited remotely, leading to unauthorized execution of code on the server.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where the application is hosted.
Reproduction
To reproduce this vulnerability, upload a file through the register.php page, specifically targeting the uimage argument. Since there are no restrictions on file types or extensions, a web shell can be uploaded instead of a standard image. Once the shell is uploaded, it can be accessed and executed, leading to remote code execution on the server.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.