| Title | CodeAstro Real Estate Management System 1.0 Arbitrary Authenticated File Upload Leading to RCE |
|---|
| Description | The vulnerability arises from the lack of proper file validation and authentication checks in the file upload mechanism of the application. Both /aboutadd.php and /aboutedit.php endpoints allow authenticated admin to upload image files intended for the "About Page". However, the system does not properly validate the content type or check for the file's executable nature. As a result, an attacker could upload a malicious file (such as a PHP reverse shell) disguised as a legitimate image. Once the file is uploaded, the server processes it without detecting its harmful nature. This allows attackers to execute arbitrary code on the server, potentially leading to remote code execution (RCE). |
|---|
| Source | ⚠️ https://github.com/EmilGallajov/zero-day/blob/main/codeastro_real_estate_ms_authenticated_rce.md |
|---|
| User | egsec (UID 77043) |
|---|
| Submission | 11/06/2024 20:59 (2 years ago) |
|---|
| Moderation | 11/07/2024 21:47 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 283465 [CodeAstro Real Estate Management System 1.0 About Us Page /aboutedit.php aimage unrestricted upload] |
|---|
| Points | 20 |
|---|