{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-0543","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-01-14T18:50:21.958Z","datePublished":"2024-01-15T05:31:04.333Z","dateUpdated":"2025-06-17T21:19:14.060Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-01-15T05:31:04.333Z"},"title":"CodeAstro Real Estate Management System propertydetail.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"CodeAstro","product":"Real Estate Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250713 was assigned to this vulnerability."},{"lang":"de","value":"Es wurde eine Schwachstelle in CodeAstro Real Estate Management System bis 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei propertydetail.php. Dank Manipulation des Arguments pid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-01-14T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-01-14T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-01-14T19:55:31.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Pranav P Ramesh (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.250713","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.250713","tags":["signature","permissions-required"]},{"url":"https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing","tags":["exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:11:35.479Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.250713","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.250713","tags":["signature","permissions-required","x_transferred"]},{"url":"https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing","tags":["exploit","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-0543","role":"CISA Coordinator","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-01-16T16:55:05.475054Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-17T21:19:14.060Z"}}]}}