CodeAstro Real Estate Management System Unrestricted File Upload Vulnerability

Vulnerability

A vulnerability allowing unauthorized file uploads has been identified in CodeAstro Real Estate Management System version 1.0. The issue resides in the file /submitproperty.php, where an unspecified function permits unrestricted file uploads. The vulnerability can be exploited remotely, and it has been publicly disclosed.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can lead to remote code execution on the server.

Reproduction

To reproduce this vulnerability, send a POST request to /submitproperty.php with the 'aimage' field set to a PHP file containing a payload, such as a command to be executed on the server. The request should also include other required form data, such as property details and images.
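
A hardened handler for the 'aimage' field, as an added example; it is not CodeAstro's code or a vendor patch. The upload directory, size limit, allowed image types and the function name store_property_image are assumptions made for illustration.

```php
<?php
// Added example: server-side validation for the 'aimage' upload field.
// UPLOAD_DIR, MAX_BYTES and ALLOWED are assumed values, not from the advisory.
const UPLOAD_DIR = '/var/www/uploads/property'; // assumed; script execution disabled here
const MAX_BYTES  = 5 * 1024 * 1024;             // assumed 5 MiB limit
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_property_image(array $file): string
{
    // Reject failed or missing uploads before touching the temp file.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('file size out of range');
    }
    // Detect the type from content; $file['type'] and $file['name'] are client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('type not allowed');
    }
    // The content must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-generated name with an extension taken from the allowlist, so an
    // image that also carries PHP code is never stored under a .php name.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (isset($_FILES['aimage'])) {
    try {
        $stored = store_property_image($_FILES['aimage']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Invalid image upload');
    }
}
```

Content checks alone do not stop a valid image that embeds PHP code, so the allowlisted extension and a storage directory where the web server does not execute scripts are both needed.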

Added: Sep 4, 2025, 11:37 AM
Updated: Sep 4, 2025, 5:02 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.