CodeAstro Real Estate Management System Unrestricted File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A vulnerability allowing unauthorized file uploads has been identified in CodeAstro Real Estate Management System version 1.0. The issue resides in the file /register.php, where the 'uimage' file parameter is not adequately validated, so a user can upload files of arbitrary type. The vulnerability can be exploited remotely, and published proof-of-concept exploits are available.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be leveraged to execute remote commands on the server, potentially leading to a full compromise of the web application and its underlying system.

Reproduction

To reproduce this vulnerability, send a POST request to 'register.php' with the 'uimage' parameter included in the multipart form data. The uploaded file should be a PHP script containing a payload that, when executed, demonstrates the command execution capability, such as a script that lists directory contents.
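As an added mitigation example (not the CodeAstro project's own code), the handler below shows how a registration form's 'uimage' field can be validated so that only real image files are accepted and nothing uploaded is ever executable; the upload directory path and the 2 MB size limit are assumptions.

```php
<?php
// Added example, not code from CodeAstro: hardened handling of an image
// upload field named 'uimage'. Assumptions: $uploadDir lies outside the web
// root (so even a polyglot image is never run as PHP), and the application
// only needs JPEG/PNG/GIF profile pictures.

const MAX_IMAGE_BYTES = 2 * 1024 * 1024;
const ALLOWED_MIME = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Validate and store an uploaded image. Returns the stored file name, or
// null if the upload is rejected. The client-supplied file name and
// Content-Type are never trusted: the extension is derived from the sniffed
// MIME type and the stored name is a random server-chosen token.
function storeProfileImage(array $file, string $uploadDir): ?string
{
    // Reject anything PHP itself flagged as a failed or partial upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // Only accept a file that arrived through this request's upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if ($file['size'] > MAX_IMAGE_BYTES) {
        return null;
    }
    // Sniff the real content type from the bytes, not from $file['type'].
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_MIME[$detected])) {
        return null;
    }
    // Require a parseable image; a bare PHP script fails this check.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_MIME[$detected];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $name;
}

// Usage inside register.php (field name taken from the advisory):
// $stored = storeProfileImage($_FILES['uimage'] ?? [], '/var/app/uploads');
// if ($stored === null) { /* reject the registration */ }
```

Serving the stored files through a script that sets an explicit image Content-Type, rather than from a directory the web server treats as PHP, is what makes the out-of-web-root assumption hold.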

Added: Sep 4, 2025, 10:46 AM
Updated: Sep 4, 2025, 3:52 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.