{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9847","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-02T14:10:28.394Z","datePublished":"2025-09-03T01:02:07.659Z","dateUpdated":"2025-09-03T20:23:04.907Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-03T01:02:07.659Z"},"title":"ScriptAndTools Real Estate Management System register.php unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"Unrestricted Upload"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"ScriptAndTools","product":"Real Estate Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Impacted is an unknown function of the file register.php. This manipulation of the argument uimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited."},{"lang":"de","value":"Eine Schwachstelle wurde in ScriptAndTools Real Estate Management System 1.0 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei register.php. Dank der Manipulation des Arguments uimage mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit wurde der Öffentlichkeit bekannt gemacht und könnte verwendet werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-02T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-02T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-02T16:15:44.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Maloy Roy Orko","type":"finder"},{"lang":"en","value":"MaloyRoyOrko (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.322196","name":"VDB-322196 | ScriptAndTools Real Estate Management System register.php unrestricted upload","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.322196","name":"VDB-322196 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.641970","name":"Submit #641970 | Script And Tools Real Estate Management System 1.0 Remote Code Execution","tags":["third-party-advisory"]},{"url":"https://www.websecurityinsights.my.id/2025/08/real-estate-management-system-v-10.html","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-03T20:19:44.452008Z","id":"CVE-2025-9847","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-03T20:23:04.907Z"}}]}}