{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10999","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-11-07T20:47:08.262Z","datePublished":"2024-11-08T08:00:08.825Z","dateUpdated":"2024-11-08T14:24:05.711Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-11-08T08:00:08.825Z"},"title":"CodeAstro Real Estate Management System About Us Page aboutadd.php unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"Unrestricted Upload"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"CodeAstro","product":"Real Estate Management System","versions":[{"version":"1.0","status":"affected"}],"modules":["About Us Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine problematische Schwachstelle in CodeAstro Real Estate Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /aboutadd.php der Komponente About Us Page. Mittels dem Manipulieren des Arguments aimage mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.7,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.7,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.8,"vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-11-07T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-11-07T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-11-07T21:52:17.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.283464","name":"VDB-283464 | CodeAstro Real Estate Management System About Us Page aboutadd.php unrestricted upload","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.283464","name":"VDB-283464 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://github.com/EmilGallajov/zero-day/blob/main/codeastro_real_estate_ms_authenticated_rce.md","tags":["exploit"]},{"url":"https://codeastro.com/","tags":["product"]}]},"adp":[{"affected":[{"vendor":"codeastro","product":"real_estate_management_system","cpes":["cpe:2.3:a:codeastro:real_estate_management_system:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-08T14:23:41.279483Z","id":"CVE-2024-10999","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-08T14:24:05.711Z"}}]}}