ScriptAndTools Real Estate Management System Redirect Vulnerability in /admin/userlist.php

Vulnerability

A broken access control vulnerability has been identified in ScriptAndTools Real Estate Management System version 1.0. The issue resides in the file /admin/userlist.php, where an unknown function keeps executing after a redirect has been issued (execution after redirect). This vulnerability can be exploited remotely without authentication, leading to unauthorized access and information disclosure.

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive user information via the admin/userlist.php page, bypassing the need to log into the admin panel.

Reproduction

To reproduce this vulnerability, use a web browser extension that disables automatic redirects, such as DH-Hackbar. Then, navigate to the vulnerable URL: http://<target>:8080/reali/admin/userlist.php. The sensitive user information will be accessible without logging into the admin panel.
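The same condition can be turned into a regression check for your own deployment. The Python below is an added example, not code from the advisory or from the product: it requests a page without a session, does not follow the redirect, and classifies the response. The names fetch_no_follow and classify, the marker strings, the 512-byte threshold and the sample responses are all assumptions made for illustration.

```python
"""Regression check for execution-after-redirect on pages that must require login."""
import http.client
from urllib.parse import urlsplit

# Assumption: a genuine login redirect carries an (almost) empty body.
MAX_REDIRECT_BODY = 512

def fetch_no_follow(url, timeout=10):
    """GET url with no cookies; http.client never follows redirects."""
    u = urlsplit(url)
    cls = (http.client.HTTPSConnection if u.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", (u.path or "/") + (f"?{u.query}" if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read()
    finally:
        conn.close()

def classify(status, location, body, markers=()):
    """Return 'ear', 'open' or 'ok' for an unauthenticated response.

    'ear'  : redirect sent, but the protected page was rendered anyway
    'open' : page served with 2xx and no access check at all
    'ok'   : clean redirect, 401/403, or any other non-content response
    """
    text = body.decode("utf-8", "replace").lower()
    leaked = any(m.lower() in text for m in markers)
    if 300 <= status < 400 and location:
        return "ear" if leaked or len(body) > MAX_REDIRECT_BODY else "ok"
    if 200 <= status < 300:
        return "open"
    return "ok"

# Constructed sample responses (not captured from any real system).
VULNERABLE = (302, "index.php",
              b"<table><tr><th>Email</th></tr>"
              + b"<tr><td>user@example.test</td></tr>" * 20 + b"</table>")
FIXED = (302, "index.php", b"")

if __name__ == "__main__":
    for name, sample in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(name, classify(*sample, markers=("<table",)))
```

In a test suite, pass the result of fetch_no_follow for each admin URL of your own staging instance to classify and fail the build on anything other than "ok". An "ear" result means the handler kept running after sending the redirect, so the script has to stop executing as soon as the redirect is issued.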

Added: Sep 3, 2025, 2:21 AM
Updated: Sep 3, 2025, 2:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.